TLS context
Jacek Konieczny
jajcus at bnet.pl
Mon Nov 12 15:16:03 CET 2001
On Mon, Nov 12, 2001 at 11:59:37AM +0100, Michael Ströder wrote:
>
> Well, if the TLS options are global they should be handled globally.
> Therefore any global option must not be wrapped by an attribute of
> the LDAP connection object. The application programmer has to deal
> with it.
The problem is, that some of the options can be used globally and
locally. Eg. LDAP_OPT_X_TLS.
But we can handle those two cases separately.
Currently I handle the global options as strings (like it was for local
options implemented as attributes). But maybe it would be better to
handle them as constants.
eg.:
ldap.set_option("tls_cacertfile","file")
against:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,"file")
The first solution is shorter to use, the second is more like OpenLDAP C
API. Which one should I use? If it is to be separated from "local"
options (implemented as attribute) then IMHO the second would be better.
Currently I have the first one implemented, but it is easy to change.
> You're welcome to throw away any code not needed when compiling
> against OpenLDAP 2.x libs. E.g. I already removed autoconf stuff
> from CVS. If someone needs that he/she can check out the tagged old
> version.
OK. So I will do it. I will add "#error" for LDAP_API_VERSION < 2000
It will be easier to extend the module then.
Greets,
Jacek
More information about the python-ldap
mailing list