[gnutls-dev] Re: SASL/EXTERNAL

Simon Josefsson jas at extundo.com
Fri Oct 7 15:32:24 CEST 2005

Albert Chin <gnutls-dev at mlists.thewrittenword.com> writes:

> According to:
>   http://www.stacken.kth.se/lists/heimdal-discuss/2000-07/msg00068.html
>   OpenLDAP 2.x SASL/EXTERNAL(TLS) support is under development is
>   based upon OpenSSL.
> We are investigating the addition of GnuTLS support for OpenLDAP. If
> SASL EXTERNAL is tied to OpenSSL in OpenLDAP, is this something GnuTLS
> currently provides or could provide? 

If the SASL EXTERNAL hooks in OpenLDAP only check whether OpenSSL is
enabled, then it won't work.  I imagine that you would have to change
OpenLDAP's EXTERNAL code to also check if GnuTLS layers are present.
That should be simple to add.

Btw, I recall that Cyrus SASL, or at least some of the Cyrus SASL
modules, depend on OpenSSL.  GNU SASL might be another SASL
alternative, and I have experience integrating it together with GnuTLS
(although not in OpenLDAP).


More information about the Gnutls-devel mailing list