RE: Does slapd support TLS thorugh SASL EXTERNAL mechanism

["Howard Chu" <hyc@highlandsun.com>]

For the simpler question: as much as possible of the TLS functionality is
encapsulated in libldap. The fact that you don't see a lot of calls to the
TLS library in the slapd code is a measure of the success of this
encapsulation. At any rate, slapd has had support for TLS since early in
2.0.x, and SASL EXTERNAL has been supported for quite a while now too. If
you haven't seen the calls in the code, you just haven't looked at the right
places.

For this question:
	Does it use TLS library directly, or does it go through
	SASL using the "EXTERNAL" mechanism.
Using libldap, both can be true. I.e., the code can just use TLS by itself.
Or if SASL is being used, it will be layered above TLS. In the case of SASL
EXTERNAL, the SASL library does nothing more than pass-thru mode, that's
what EXTERNAL is all about.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-devel@OpenLDAP.org
[mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Vaideeswaran, Ganesh
Sent: Friday, April 19, 2002 1:51 PM
To: 'openldap-devel@openldap.org'
Subject: Does slapd support TLS thorugh SASL EXTERNAL mechanism


Hi,

How does slapd support TLS?

I looked at LDAP library, and see that there is a way to tie in TLS with
SASL using EXTERNAL
mechanism. But I do not see this being used anywhere in slapd. Is this being
used only in slurpd?
If so, why not??

Thanks in advance.

Ganesh