[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: API Programming questions

To: openldap-software@OpenLDAP.org
Subject: Re: API Programming questions
From: Simon Wilkinson <simon@sxw.org.uk>
Date: Wed, 14 May 2003 23:42:16 +0100
In-reply-to: <00ce01c31a66$b2be2ce0$0e01a8c0@CELLO>
References: <00ce01c31a66$b2be2ce0$0e01a8c0@CELLO>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312

Howard Chu wrote:

 The only time i'd find SASL useful is to do GSSAPI auth against
ActiveDirectory
but since nobody on this list knows how to do that - i just turned SASL off
and
been happy ever since. If/when i get time i may revisit this if anyone is
interested.
<<<
Works fine for me...

Me too. Its worth noting a couple of issues with GSSAPI in SASL. In 1.5.x the buffer size negotiation is completely broken. Both 1.5.x and 2.<whatever> assume that the underlying GSSAPI implementation is thread safe. Using a non-threadsafe library (such as MIT Kerberos) with a multi-threaded application (slapd or slurpd, say) will result in pain.

I've got round this here by making the SASL library mutex protect every GSSAPI call. It seems to have solved that particular problem for us. I can make patches for Cyrus-SASL 1.5.28 available if anyone is interested.

Cheers,

Simon.

Attachment: pgp40jknER5th.pgp
Description: PGP signature

References:
- RE: API Programming questions
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: Problem with attribute syntax
Next by Date: Re: "slapmod": off-line tool for editing database entries?
Index(es):
- Chronological
- Thread