Re: ANNC and query: ldapmodule-1.10a3-patched RPMs available

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Joe Little wrote:
> 
> I'm not complaining..

Joe, since you are really contributing code be assured that I did
not point to you.

> we need specifically to support v3 schema,

Could be done in higher-level Python modules. (Not trivial though.)
Not sure if you won't have to fiddle with BER-encoded data
(implementing syntax matching).

> OpenLDAP v2 ACLs,

Currently this whole ACL thing is vendor-specific => you would have
to write a specific module for each LDAP server. Finding a good
abstraction level would be required. See also "Access Control Model
for LDAP" on http://www.ietf.org/html.charters/ldapext-charter.html
for an attempt to define a standard. There's no need for a modified
C extension module. You could also implement this in Python.

> StartTLS,

Or LDAP over SSL (ldaps://..). IMHO STARTTLS is not widely
implemented up to now.

Let me add two things.

Thread-safety/reentrant: Would require to go with the Mozilla SDK or
use ldap_r of OpenLDAP 2.0.x (experimental, see my other posting
with Kurt's not about it).

Proper handling of referrals / search continuations: Konstantin's
patch already provides this but there are sometimes strange LDAP
referral URLs returned. Might be a bug of the OpenLDAP 2.0.x libs.

Ciao, Michael.