TLS context

Michael Ströder michael at stroeder.com
Mon Nov 12 11:59:37 CET 2001


Jacek Konieczny wrote:
> 
> On Sun, Nov 11, 2001 at 03:20:06PM +0100, Michael Ströder wrote:
> > > I have not yet checked if TLS options are all global or connection-specific.
> >
> > I would assume that TLS/SSL options are connection-specific since
> > you might have different trusted root CA certs, etc.
> 
> I have checked this and it turned out that most TLS options are global,
> and cannot be set per LDAPObject.
> To support global options (which can eventually be available as object
> options) I have moved part of setattr and getattr of LDAPObject to other
> functions, which can also be used without an object for setting global
> options.

Well, if the TLS options are global they should be handled globally.
Therefore any global option must not be wrapped by an attribute of
the LDAP connection object. The application programmer has to deal
with it.

> Do we really need support for OpenLDAP < 2.x?

No. It was decided ages ago that we drop support for OpenLDAP 1.x,
Netscape SDK and Novell SDK if we have something stable working with
OpenLDAP 2.x.

> Now python-ldap compiled with OpenLDAP1 and python-ldap compiled with
> OpenLDAP2 are so different as they are different modules. And the code
> is quite hard to maintain.

You're welcome to throw away any code not needed when compiling
against OpenLDAP 2.x libs. E.g. I already removed autoconf stuff
from CVS. If someone needs that he/she can check out the tagged old
version.

> It was a long time ago, when OpenLDAP2 was experimental.

Yes.

Ciao, Michael.
