[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple system-wide ldap.conf files



Hallvard B Furuseth wrote:
I'd like to add support for multiple system-wide ldap.conf files.
Our site needs one which comes with the LDAP package, and one which
the host admin can create to override.

You can already specify an additional config file using the LDAPCONF environment variable. Just put that in the system wide cshrc and shell profile.


One way would be to add this to include/ldap_defaults.h:
     /* Array initializer for system-wide LDAP configuration files.
      * The contents of late files override earlier ones.
      * Update the FILES section of doc/man/man5/ldap.conf.5 to match.
      */
     #define LDAP_CONF_FILELIST { LDAP_CONF_FILE }
after the line
     #define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"

Not sure that hardcoding more paths is a good idea.

Another way: An ldap.conf directive "tryinclude<filename>" so the
package's ldap.conf can include the host-specific ldap.conf.  Also
allows a user's ldap.conf to include some package's ldap.conf, if
needed.  And it allows include-loops, so there should be a "max include
depth" limit.

An include directive might be OK. It should simply record the trail of files it has already opened and refuse to include a file twice.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/