
Re: API Programming questions



Too long to answer but in short there is no "ssh type" auth.
There are other types but most do not work correctly (aside from simple).
Last time I checked SASL was broken (though claimed to work).
    

Last time I checked SASL auth worked fine... What problems did you have, and
did you file a bug report?

  
1) I am using 2.0.27 over here.

<RANT> It seems that no one is too keen on fixing anything in it,
since it's a "legacy" codebase. For example, I reported on the list
a bug where database disk synch was always on, thus severely
reducing performance of delete/modify operations.
Got nothing in response, even though I had a patch attached.

So to be honest, between that and being extremely busy in my work
I just don't have time to file reports. My current project revolves heavily
around OpenLDAP and I simply fix bugs and improve things as I find them.

I'd love to "give back to community" but only if community would be
receptive :) </RANT>

2) SASL is broken. When I say "SASL" I mean cyrus-sasl-1.5.28.
There may be a newer, better version I am not aware of.

It is broken internally without any relation to OpenLDAP.

I have gone through the library code and basically their state machine misses
certain states or incorrectly reacts to others. The way it's coded, in some
situations their own client won't be able to talk to their server.
There are multiple smaller bugs in code where they don't correctly use their
own API or don't return correct error codes. Certain things simply do not compile.

I went through this back in January and don't have the details, nor do I have the
time or patience to fix it. Some of the simpler mechanisms may work, I suppose.
I consider SASL an unnecessary hurdle. Yes, I know it's in the standard.

The only time I'd find SASL useful is to do GSSAPI auth against Active Directory,
but since nobody on this list knows how to do that, I just turned SASL off and
have been happy ever since. If/when I get time I may revisit this if anyone is interested.

--Ugen