On Wed, Sep 21, 2011 at 02:43:47AM +0400, Lev Serebryakov wrote: > Hello, Xin. > You wrote 21 сентября 2011 г., 2:34:09: > > > That's true but is there any very compelling reason to do that (not > > say no if someone really want to invest time on this and maintain it) > > instead of just using an actively maintained codebase? The OpenLDAP > > license is pretty similar to a BSD license: > My point is not a license. I don't know, what is simpler: > (a) strip-down and rename API for OpenLDAP and later import new releases, > with new strip-downs and renames (IMHO, it is harder, than import and > support almost-intact code, like sendmail or bind), > or > (b) maintain local code, most of which is auto-generated from standard > by very mature and stable tool, as Lev's asn1c is. I know Lev > personally, and he says, that this tool is used by many Telco > operators and other Big Companies and he is not aware about any > outstanding bugs (from year 2007!) even when very complex (much more > complex than LDAPv3) ASN.1 rules are processed. Sometimes he is > contacted for support, but always it is not bugs in compiler, but some > other problems. > > Maybe, import and maintaining of hacked OpenLDAP is simpler in > long-standing perspective. Maybe not. I only want to point, that if we > want our own LDAP client library, we don't need to write tons of > non-obvious, error-prone and security-sensitive code by hands. >
Yes, the question of maintanence of the OpenLDAP code in the base is not trivial by any means. I remember that openldap once broke the ABI on its stable-like branch. Having API renamed during the import for the actively-developed third-party component is probably a stopper. I am aware of the rename done for ssh import in ssh_namespace.h, but I do not think such approach scale. Would the import of openldap and nss + pam ldap modules in src/ give any benefits over having openldap and ldap nss + pam modules on the dvd1 ?
pgpDa3BQYI9Tu.pgp
Description: PGP signature
