[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Flags for TLS/SASL command line options


I've just submitted a patch for implementing these options in the ITS. I
have some remarks:

 - I think support for GNU-style long options should be considered. The
single-letter options start to become too many (ldapsearch has 34 options
now) and some of them have no association with their function.

 - Looking at the C API draft, I could not find a way for a client to
have any control/knowledge about the SASL integrity/privacy support. I've
added 3 new LDAP session handle options for that (get/set minimum, maximum
and actual SSF), but I think this problem must be addressed at the API
standard level. Otherwise applications will see no real benefits from SASL
security as they will always need to use TLS if they want to be sure that
the communication is secure (unless, of course, they support OpenLDAP
extensions :)


Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary