On 08/30/2016 03:27 AM, Howard Chu wrote:
Date: Mon, 29 Aug 2016 11:43:27 -0600
From: Rich Megginson <rmeggins@xxxxxxxxxx>
Subject: [389-devel] Re: Sign compare checking
To: 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
Message-ID: <a7fdb987-8efa-d26d-08c1-3cf0ecb59c5e@xxxxxxxxxx>
Content-Type: multipart/alternative; boundary="------------
2A83E5142B304396ABB138B7"
Part of the problem is that we wanted to support being able to use both
mozldap and openldap, without too much "helper" code/macros/#ifdef
MOZLDAP/etc. It looks as though this is a place where we need to have
some sort of helper.
(as for why we still support mozldap - we still need an ldap c sdk that
supports NSS for crypto until we can fix that in the server. Once we
change 389 so that it can use openldap with openssl/gnutls for crypto,
we should consider deprecating support for mozldap.)
What support for MozNSS is OpenLDAP lacking? Support for MozNSS has
been in there for ages now.
It isn't that support for MozNSS in OpenLDAP is lacking. OpenLDAP
definitely has the requisite MozNSS support, and we use it on those
platforms where OpenLDAP is compiled with MozNSS. The problem is that
some distros compile OpenLDAP with support for crypto other than MozNSS,
and 389 can't use it. We're working to make 389 able to use OpenLDAP
compiled with openssl and gnutls.
Patches to make Mozilla work with OpenLDAP instead of mozldap have
also been available for ages.
https://bugzilla.mozilla.org/show_bug.cgi?id=292127#c17 through
comment #30
Thanks.
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
