Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index 

Hello,

On 12/12/11 10:32, Lionel Elie Mamane wrote:

We bundle OpenSSL with LibreOffice,

We do? Oh, great, I had missed that.


OK, so what I did now is following:
1) We build the static library with ssl and ldap support on all
platforms currently.
2) I patched the postgresql configury so that it has an option
--with-mozldap. This one is used when we use internally in LO mozilla
for ldap connections. Without that option, the stuff falls on openldap.
Not sure it works, but it builds.


It should be possible to assume as a system library for Linux and
MacOSX

OK, good.


I did completely leave the kerberos outside. Anybody that wants to make
it work on MacOSX will not have too difficult work I guess. I don't dare
to do anything about it on Linux, since I don't know how it will affect
our baseline. Nevertheless, let us assume that typical LO user will be
ok with ldap and ssl.


It depends what value we give to "really". My guess is that it is
desirable. Without it our internal libpq has one less feature. I don't
have a good idea of how significant that feature is, since Windows has
some Kerberos implementation, too; libpq (if compiled with support for
both) allows to choose which one to use at runtime. What are the
compared compatibility issues and/or features of both, I don't
know. For example, can the Windows Kerberos client authenticate
against all Unix Kerberos setups that MIT-Kerberos/GSSAPI can
authenticate against? I guess that if the PostgreSQL project went the
extra mile of allowing simultaneous support for both, selectable at
run-time and all that, this means at least some users benefit from it.


OK, in my humble opinion, let Windows users select this kind of thing on
runtime is a sure path to hell. But as it stands, the libpq that we
build uses some of the win32 security apis for authentication, so I
would assume that the users should be able to do what they need from
their windows posts. Those productive things like mailmerge with pgsql
database of all employees and so on :)


Yes, but libpq "as is" AFAIK cannot use Mozilla-LDAP. Maybe it can be
hacked to do that. Are OpenLDAP and Mozilla-LDAP API-compatible, so
that we can just use Mozilla-LDAP headers and libraries where libpq
assumes OpenLDAP, and not change anything the in the libpq sources?
Then I guess it would be easy enough indeed.


Yup, it was hacked to do that now :)

Cheers

F.

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.