Closed Bug 212875 Opened 21 years ago Closed 4 years ago

Use OpenLDAP instead of the Netscape's LDAP SDK

Categories

(Directory :: LDAP C SDK, enhancement)

x86
All
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX
Future

People

(Reporter: mi+mozilla, Assigned: mcs)

References

(Blocks 1 open bug)

Details

User-Agent:       Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD 5.1-CURRENT; X11; i386)
Build Identifier: 

OpenLDAP seems to be a more "vibrant" project and Mozilla should offer it as a build-time
alternative if not switch to it outright.
 
The particularly important feature is the Cyrus-SASL integration OpenLDAP offers, which lets 
one talk to MS-Exchange's Active Directory servers after Kerberos authentication. 
 
There probably are others. 

Reproducible: Always

-> Directory
Assignee: general → mcs
Component: Browser-General → LDAP C SDK
Product: Browser → Directory
Version: Trunk → other
The Mozilla LDAP code is also actively maintained, although you are correct that
OpenLDAP's SDK has some features we do not (and we have some features they do
not have). Offering OpenLDAP as an alternative would actually be quite a bit of
work due to the requirement to integrate with NSPR (something OpenLDAP likely
does not support).
Status: UNCONFIRMED → NEW
Ever confirmed: true
TM = Future
Target Milestone: --- → Future
An additional issue is that the Netscape SDK is apparently being used in LDAPv2
mode.

With OpenLDAP and other LDAP servers dropping support for LDAPv2, there will be an
increasing number of Directory servers that Mozilla projects will not be able to
use.
Regarding comment 4, use of LDAPv3 by Mozilla applications is the subject of bug
198168 (recently fixed).
One huge problem with this is that Mozilla requires the use of NSS for crypto, but OpenLDAP uses OpenSSL. I don't know if it is possible to mix the two crypto providers, but it is not desirable. Upcoming releases of NSS will have FIPS 140-2 and smart card support which OpenSSL does not have. We will be working on adding Cyrus SASL support to the ldapsdk in the very near future.

You might want to file an ITS against OpenLDAP for them to add NSS support.

Not going to do this.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX