[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: StartTLS URL extension

To: Michael Ströder <michael@stroeder.com>
Subject: Re: StartTLS URL extension
From: Howard Chu <hyc@symas.com>
Date: Mon, 06 Oct 2008 15:16:33 -0700
Cc: Philip Guenther <guenther+ldapdev@sendmail.com>, OpenLDAP-devel@openldap.org
In-reply-to: <48EA89B3.4050701@stroeder.com>
References: <48E97964.6070300@symas.com> <E1KmiYZ-003VPH-Eu@intern.SerNet.DE> <48E9F7C0.4060707@stroeder.com> <48E9F898.1080106@sys-net.it> <48EA221F.10004@stroeder.com> <alpine.BSO.1.10.0810060750070.9157@vanye.sendmail.com> <48EA7A22.10005@stroeder.com> <alpine.BSO.1.10.0810061415570.9157@vanye.sendmail.com> <48EA89B3.4050701@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b1pre) Gecko/20081004 SeaMonkey/2.0a1pre

Michael Ströder wrote:

Philip Guenther wrote:

I agree that ldap_initialize() should
behave as it currently does, setting up the handle but not opening any
connections.

So this would need ldap_initialize() to defer calling ldap_start_tls().
I don't think that's what Pierangelo has in mind.

But that might actually be the simplest approach. ldap_initialize() can parse the URL and set a flag in the LDAP* handle noting that StartTLS was requested. On the next request, we can check to see if this flag is set and the current request is not a StartTLS exop. If so, perform the exop first. Then clear the flag and carry on.

Hmm, StartTLS implies/requires protocol version 3.  It seems unfortunate
that ldap_initialize() wasn't made to default to version 3.  Lacking a
change to that, what should happen if you use one of these URIs without
setting the version to 3?

The same thing that happens now if you try to call ldap_start_tls_s() without setting the version to 3 (error).

Another valid point.

Well, I've changed the default for the protocol_version in python-ldap
to VERSION3 and no-one ever complained...

c) automatically change version, because confusing people is fun.


On some X.500 servers one can configure different charsets if LDAPv2 is
used...

Ah, the joy of T.61 just never dies...

Ciao, Michael.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>

References:
- StartTLS URL extension
  - From: Howard Chu <hyc@symas.com>
- Re: StartTLS URL extension
  - From: Volker Lendecke <Volker.Lendecke@SerNet.DE>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: StartTLS URL extension
Next by Date: Re: StartTLS URL extension
Index(es):
- Chronological
- Thread