Subject: Re: NTLM stuff - msg#00123

Previous Message by Date: click to view message preview

Re: NTLM stuff

> I can't remember off the top of my head where I read it, but I believe > that the patch to OpenLDAP merely puts hooks into it to call the actual > NTLM functions inside Evolution. Other way around. The patch adds an API to OpenLDAP that takes an NTLM request and constructs an LDAP auth request containing it, and another API to extract the NTLM response from the LDAP auth response. > These are the functions that I'm > proposing be moved outside of Evolution so that an NTLM-enabled version > of OpenLDAP wouldn't depend on Evolution. Right, the patched OpenLDAP doesn't actually depend on evolution, it's just that the new API isn't useful on its own. But anyway, we should try to get a better solution. If the OpenLDAP team is interested in adding NTLM support to OpenLDAP, then we can send them a self-contained patch and get that added. If not, they may still be ok with adding either the specific API we're currently using, or a more generic low-level API that could possibly be used for other things. Either way though, it would be a while before the changes made it into a stable release, and from there into the various distros... -- Dan _______________________________________________ evolution-hackers maillist - evolution-hackers@xxxxxxxxxxxxxxxx http://lists.ximian.com/mailman/listinfo/evolution-hackers

Next Message by Date: click to view message preview

Re: NTLM stuff

On man, 2004-05-17 at 10:10 -0400, Rodney Dawes wrote: > > How so? If OpenLDAP learns how to speak NTLM, what do we need a special > > version for? > Because it will take at least a year to make it into the distros > properly. Oh, ok. That makes sense. > > Current situation: > > Ximian Connector contains NTLM-functionality. > > To use the Connector, you need a patched version of OpenLDAP. > > The patched version of OpenLDAP calls some functions in the Connector to > > do NTLM. > No. The patched version of OpenLDAP adds some hooks that the exchange > code connects to. Aha! I think the penny just dropped. :-) > This is no different than the callbacks provided by the other libraries that > evolution-exchange uses... GTK+ for example. Except of course that GTK+ does what Evolution needs without pathces, right? > > I'm quite sure that we can agree that the patched version of OpenLDAP > > and the Connector have an interdependency, right? > No. Because they don't. :) Well, if you want to do NTLM with OpenLDAP, then yes, but otherwise no. :-) > > The situation I propose: > > The NTLM-functionality from the Connector is moved into a new library > > (libntlm). > > The patch to OpenLDAP which is currently used for the Connector, is > > submitted to upstream. This creates a dependency between OpenLDAP and > > libntlm. > > The Connector can now run with the new stock OpenLDAP. > There's no need for a libntlm. We can just put the code straight into > OpenLDAP. Having a libntlm would end up creating a mess of dependencies > between more than 2 modules. Okie. I don't know how complex NTLM is. I just assumed it was pretty complex, and Evolution still needs to do it itself for SMTP and IMAP authentication, and then it'd make sense to move it into a library. But hey, if it's that simple, all that's left to do is to forward the OpenLDAP patch to upstream? -- Salu2, SÃren. (wannabe Evolution-hacker) _______________________________________________ evolution-hackers maillist - evolution-hackers@xxxxxxxxxxxxxxxx http://lists.ximian.com/mailman/listinfo/evolution-hackers

Previous Message by Thread: click to view message preview

Re: NTLM stuff

On man, 2004-05-17 at 09:28 -0400, Rodney Dawes wrote: > I don't know how long it would > take though. Of course, we would still depend on some patch to OpenLDAP > for Evolution Exchange to work properly. How so? If OpenLDAP learns how to speak NTLM, what do we need a special version for? > > Oh, no. I don't expect Evolution to stop depending on OpenLDAP. Just the > > other way around. > OK. OpenLDAP doesn't depend on Evolution. Evolution Exchange depends on > a specific patch to OpenLDAP to be able to do NTLM authentication. Yes, but the patched version of openldap depends on stuff in the connector. Maybe it's just me, but wouldn't it be a good thing to not depend on a *patched* version of OpenLDAP but rather a stock OpenLDAP, that knows how to speak NTLM? Current situation: Ximian Connector contains NTLM-functionality. To use the Connector, you need a patched version of OpenLDAP. The patched version of OpenLDAP calls some functions in the Connector to do NTLM. I'm quite sure that we can agree that the patched version of OpenLDAP and the Connector have an interdependency, right? The situation I propose: The NTLM-functionality from the Connector is moved into a new library (libntlm). The patch to OpenLDAP which is currently used for the Connector, is submitted to upstream. This creates a dependency between OpenLDAP and libntlm. The Connector can now run with the new stock OpenLDAP. If this is not correct, I obviously have misunderstood something, and I apologize for the inconvenience. -- Salu2, SÃren. _______________________________________________ evolution-hackers maillist - evolution-hackers@xxxxxxxxxxxxxxxx http://lists.ximian.com/mailman/listinfo/evolution-hackers

Next Message by Thread: click to view message preview

Re: NTLM stuff

On man, 2004-05-17 at 10:10 -0400, Rodney Dawes wrote: > > How so? If OpenLDAP learns how to speak NTLM, what do we need a special > > version for? > Because it will take at least a year to make it into the distros > properly. Oh, ok. That makes sense. > > Current situation: > > Ximian Connector contains NTLM-functionality. > > To use the Connector, you need a patched version of OpenLDAP. > > The patched version of OpenLDAP calls some functions in the Connector to > > do NTLM. > No. The patched version of OpenLDAP adds some hooks that the exchange > code connects to. Aha! I think the penny just dropped. :-) > This is no different than the callbacks provided by the other libraries that > evolution-exchange uses... GTK+ for example. Except of course that GTK+ does what Evolution needs without pathces, right? > > I'm quite sure that we can agree that the patched version of OpenLDAP > > and the Connector have an interdependency, right? > No. Because they don't. :) Well, if you want to do NTLM with OpenLDAP, then yes, but otherwise no. :-) > > The situation I propose: > > The NTLM-functionality from the Connector is moved into a new library > > (libntlm). > > The patch to OpenLDAP which is currently used for the Connector, is > > submitted to upstream. This creates a dependency between OpenLDAP and > > libntlm. > > The Connector can now run with the new stock OpenLDAP. > There's no need for a libntlm. We can just put the code straight into > OpenLDAP. Having a libntlm would end up creating a mess of dependencies > between more than 2 modules. Okie. I don't know how complex NTLM is. I just assumed it was pretty complex, and Evolution still needs to do it itself for SMTP and IMAP authentication, and then it'd make sense to move it into a library. But hey, if it's that simple, all that's left to do is to forward the OpenLDAP patch to upstream? -- Salu2, SÃren. (wannabe Evolution-hacker) _______________________________________________ evolution-hackers maillist - evolution-hackers@xxxxxxxxxxxxxxxx http://lists.ximian.com/mailman/listinfo/evolution-hackers