Re: python-ldap hanging for 15 minutes under certain conditions
On 02/03/2011 11:59 PM, Michael Wood wrote:
> On 4 February 2011 08:32, James Andrewartha wrote:
>> On 04/02/11 03:31, Michael Ströder wrote:
>>> Michael Wood wrote:
>>>> On 3 February 2011 18:16, Rich Megginson wrote:
>>>>> On 02/03/2011 04:34 AM, Michael Wood wrote:
>>>>>> e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and
>>>>>> python-ldap 2.3.10-1ubuntu1.
>>>> [..]
>>>> But I thought it was worth a try to recompile OpenLDAP and link with
>>>> OpenSSL instead of GnuTLS. After doing that, the problem went away!
>>> That was my first idea when I read that you're using Ubuntu (based on
>>> Debian).
>>> There have been so many issues with OpenLDAP linked with GnuTLS during the
>>> last years. I really wonder why the Debian folks force everybody to use
>>> this.
>>> IMO that's a major issue with Debian.
>> Debian uses GnuTLS because OpenSSL has the non-GPL compatible
>> advertising clause, and libldap is linked into many GPL applications. So
> Ah, good point.
>
>> the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I
> Or switch to something else.

OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed GPLv2+/LGPLv2+/MPL) for crypto
Fedora 14 and later use this instead of OpenSSL

>> have no hope of either occurring.
> I understand your lack of hope wrt. the licensing situation and I
> suppose switching to another SSL/TLS library is unlikely at this
> point. I do hold out some hope that issues like this in GnuTLS (or in
> the software using GnuTLS?) can get fixed, though.

--
The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world?
http://p.sf.net/sfu/oracle-sfdevnlfb
___
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Re: python-ldap hanging for 15 minutes under certain conditions
Michael Wood wrote:
> I do hold out some hope that issues like this in GnuTLS (or in
> the software using GnuTLS?) can get fixed, though.

The issues with GnuTLS have been known for years now. I suspect that everybody setting up a serious (Open-)LDAP deployment just builds with OpenSSL and therefore nobody is using GnuTLS seriously. So nobody sees a benefit for investing in getting GnuTLS improved.

Ciao, Michael.

Re: python-ldap hanging for 15 minutes under certain conditions
Rich Megginson wrote:
> OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed
> GPLv2+/LGPLv2+/MPL) for crypto
> Fedora 14 and later use this instead of OpenSSL

I see some benefits using Mozilla NSS especially with LDAP clients. But I wonder whether we could use it from python-ldap via OpenLDAP just like Mozilla clients use it. I'm thinking of support for PKCS#11 tokens and adding trusted certs.

Ciao, Michael.

Re: python-ldap hanging for 15 minutes under certain conditions
On 02/04/2011 09:15 AM, Michael Ströder wrote:
> Rich Megginson wrote:
>> OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed
>> GPLv2+/LGPLv2+/MPL) for crypto
>> Fedora 14 and later use this instead of OpenSSL
> I see some benefits using Mozilla NSS especially with LDAP clients. But I
> wonder whether we could use it from python-ldap via OpenLDAP just like Mozilla
> clients use it.

Yes. I've been using it for a while like that. For more information:
http://www.openldap.org/faq/index.cgi?file=1514

> I'm thinking of support for PKCS#11 tokens and adding trusted
> certs.

See the above FAQ - there is some information there about use of tokens other than the default builtin softtoken.

> Ciao, Michael.
