William A. Rowe, Jr. wrote:
> Wouldn't it be *much* more economical to do something similar to apr_procattr_t, where we set up all the choices beforehand, and can reuse the apr_ldapopt_t over and over on each ldap connection for options which do not change?
All the LDAP toolkits have this concept already - you just call ldap_set_option with a NULL ldap handle and you set system-wide properties (like defaults, and SSL params).
The issue is the supporting of client certificates - which in some cases (OpenLDAP, Microsoft) are set on a per-connection basis (which makes the most sense), and in other cases are set in a system-wide sense (Novell, in my understanding).
Not only do we have to somehow handle this in APR, but we also need to handle this in httpd. Perhaps we need an httpd directive with global-only scope that sets "system wide" certificates (AKA CA certs, but in the Novell case it could also be a client-side cert valid system wide), as well as a locally scoped per-connection directive for "client certificates" (i.e. a per-connection client cert, supported by Microsoft and OpenLDAP but fails with a graceful error on Novell).
Regards, Graham --
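
The two scopes described in this message, as an added C sketch that is not part of the original e-mail and is not APR, httpd or LDAP SDK code. All type, constant and function names are hypothetical and the paths are constructed; a NULL connection stands for the system-wide scope, and a toolkit that only supports system-wide client certificates returns an error and leaves the connection unchanged.

```c
#include <string.h>

/* Hypothetical model of the two option scopes; not APR or LDAP SDK API. */
typedef enum { CERTS_PER_CONNECTION, CERTS_GLOBAL_ONLY } toolkit_t;
enum { OPT_OK = 0, OPT_ENOTSUP = -1, OPT_EINVAL = -2, OPT_MISMATCH = -3 };

typedef struct {
    toolkit_t toolkit;
    const char *ca_cert;      /* trust anchor, system-wide scope only */
    const char *client_cert;  /* system-wide client cert, NULL if unset */
} ldap_env_t;

typedef struct {
    ldap_env_t *env;
    const char *client_cert;  /* per-connection override, NULL if unset */
} ldap_conn_t;

/* conn == NULL models calling ldap_set_option with a NULL handle. */
int set_client_cert(ldap_env_t *env, ldap_conn_t *conn, const char *path)
{
    if (env == NULL || path == NULL)
        return OPT_EINVAL;
    if (conn == NULL) {
        env->client_cert = path;
        return OPT_OK;
    }
    if (env->toolkit == CERTS_GLOBAL_ONLY)
        return OPT_ENOTSUP;   /* graceful error, connection left unchanged */
    conn->client_cert = path;
    return OPT_OK;
}

/* Certificate a connection would present: override first, then global. */
const char *effective_client_cert(const ldap_conn_t *conn)
{
    return conn->client_cert ? conn->client_cert : conn->env->client_cert;
}

/* Constructed scenario: set a system-wide cert, then try a per-connection
 * one. Returns that call's status, or OPT_MISMATCH if the connection would
 * not present the certificate the caller expects. */
int try_per_connection(toolkit_t tk, const char *expected)
{
    ldap_env_t env = { tk, "/constructed/ca.pem", NULL };
    ldap_conn_t conn = { &env, NULL };
    int rc;
    set_client_cert(&env, NULL, "/constructed/global-client.pem");
    rc = set_client_cert(&env, &conn, "/constructed/vhost-client.pem");
    if (strcmp(effective_client_cert(&conn), expected) != 0)
        return OPT_MISMATCH;
    return rc;
}
```

A caller that ignores the OPT_ENOTSUP status would bind with the system-wide identity rather than the one it asked for, which is why the per-connection setter reports the error instead of silently succeeding.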
