On 08/30/2016 03:27 AM, Howard Chu wrote:
> Date: Mon, 29 Aug 2016 11:43:27 -0600
> From: Rich Megginson <rmeggins(a)redhat.com>
> Subject: [389-devel] Re: Sign compare checking
> To: 389-devel(a)lists.fedoraproject.org
> Message-ID: <a7fdb987-8efa-d26d-08c1-3cf0ecb59c5e(a)redhat.com>
> Content-Type: multipart/alternative; boundary="------------
> Part of the problem is that we wanted to support being able to use both
> mozldap and openldap, without too much "helper" code/macros/#ifdef
> MOZLDAP/etc. It looks as though this is a place where we need to have
> some sort of helper.
> (as for why we still support mozldap - we still need an ldap c sdk that
> supports NSS for crypto until we can fix that in the server. Once we
> change 389 so that it can use openldap with openssl/gnutls for crypto,
> we should consider deprecating support for mozldap.)
What support for MozNSS is OpenLDAP lacking? Support for MozNSS has
been in there for ages now.
It isn't that support for MozNSS in OpenLDAP is lacking. OpenLDAP
definitely has the requisite MozNSS support, and we use it on those
platforms where OpenLDAP is compiled with MozNSS. The problem is that
some distros compile OpenLDAP with support for crypto other than MozNSS,
and 389 can't use it. We're working to make 389 able to use OpenLDAP
compiled with openssl and gnutls.
Patches to make Mozilla work with OpenLDAP instead of mozldap have
also been available for ages.