Am Freitag 24 September 2010, 10:08:32 schrieb Michael Ströder:
Ralf,
thanks for your followup on this.
Ralf Haferkamp wrote:
On Wednesday 22 September 2010 19:05:58 Michael Ströder wrote:
Ralf Haferkamp wrote:
If you really want the TLS context recreated with each iteration I think you can just call: ldap_set_option( NULL, LDAP_OPT_X_TLS_NEWCTX, LDAP_OPT_ON); after the above calls.
Ralf, does that really work? I did not manage to get this working from python-ldap...
Last time I checked it did. That was some month ago. But looking at the libldap code it might be that LDAP_OPT_ON is probably the wrong value to pass to it. It seems you need to pass a pointer to an integer. That integer value is passed as the is_server argument to the functions that actually initialize the context. So I guess in client code you'd pass a int pointer to 0.
The relevant code excerpts from python-ldap/Modules/options.c are:
[..] /* integer value options */ if (!PyArg_Parse(value, "i:set_option", &intval)) return 0; ptr = &intval; break; [..] if (res != LDAP_OPT_SUCCESS) { option_error(res, "ldap_set_option"); return 0; } [..]
That looks like your description. But I'd have to use 0 as the option value?
I think so. I am not exactly sure what your code does. My knowledge about Python C bindings is very limited. In plain C you would do this:
int value=0; [..] ldap_set_option(ldap, LDAP_OPT_X_TLS_NEWCTX, &value);
to create a new TLS context for a client. For a server context you'd use any non-zero value. BTW, this is also documented in the ldap_set_option(3) manpage (surprisingly :)).
regards, Ralf