Full_Name: W. Trevor King
Version: git commit 22bf5188
OS: Gentoo
URL: http://blog.tremily.us/posts/LDAP/tool-nocanon.patch
Submission from: (NULL) (72.68.88.202)

The ldap.conf SASL_NOCANON configuration option (or LDAPSASL_NOCANON environment
variable) should set the default behaviour for OpenLDAP tools such as
ldapwhoami. This configuration option should allow users to use the tools
without having to use the matching command line option (-N). Unfortunately, the
current code sets the option to true/false after only querying the command line
option.

I'm linking to a patch that looks at the current value of the option first, and
if it's true, skips processing the command line option (which would either be a
redundant -N keeping the option true, or an absence of -N which implies the user
wants to use the configured value (true)).

Another approach would be to set the initial value of nocanon to UNINITIALIZED
(-1?). Command line arguments could set nocanon to 1 (true, -N) or false (0,
--canon?). Then we would only call ldap_set_option if nocanon was not
UNINITIALIZED.

I can work up a patch using this second approach if people prefer. If so, let
me know if you want me to define UNINITIALIZED, or to just use -1.

I didn't check, but I would not be surprised if this same clobbering occurred
for other command line options.
I forgot to add the notice to the patch I just submitted. Here's the notice:

The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by W. Trevor King wking@tremily.us. I have
not assigned rights and/or interest in this work to any party.

I, W. Trevor King, hereby place the following modifications to
OpenLDAP Software (and only these modifications) into the public
domain. Hence, these modifications may be freely used and/or
redistributed for any purpose with or without attribution and/or other
notice.

I've attached the patch again, since that matches the language in the notice.

Cheers,
Trevor

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
wking@tremily.us wrote:
> Full_Name: W. Trevor King
> Version: git commit 22bf5188
> OS: Gentoo
> URL: http://blog.tremily.us/posts/LDAP/tool-nocanon.patch
> Submission from: (NULL) (72.68.88.202)
>
>
> The ldap.conf SASL_NOCANON configuration option (or LDAPSASL_NOCANON environment
> variable) should set the default behaviour for OpenLDAP tools such as
> ldapwhoami. This configuration option should allow users to use the tools
> without having to use the matching command line option (-N). Unfortunately, the
> current code sets the option to true/false after only querying the command line
> option.
>
> I'm linking to a patch that looks at the current value of the option first, and
> if it's true, skips processing the command line option (which would either be a
> redundant -N keeping the option true, or an absence of -N which implies the user
> wants to use the configured value (true)).
>
> Another approach would be to set the initial value of nocanon to UNINITIALIZED
> (-1?). Command line arguments could set nocanon to 1 (true, -N) or false (0,
> --canon?). Then we would only call ldap_set_option if nocanon was not
> UNINITIALIZED.
>
> I can work up a patch using this second approach if people prefer. If so, let
> me know if you want me to define UNINITIALIZED, or to just use -1.
>
> I didn't check, but I would not be surprised if this same clobbering occurred
> for other command line options.

The only other boolean command line option is referrals, which is deprecated
and has been undocumented for years. Not worth bothering over.

Ideally the command line option should have been able to set this explicitly
to both true and false, to allow complete control over the option. But I'm not
particularly concerned either way. Since the option currently can only be set
to true, it would be sufficient to just check for nocanon != 0 before calling
ldap_set_option.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
changed state Open to Feedback
On Wed, May 30, 2012 at 06:14:38AM -0700, Howard Chu wrote:
> Ideally the command line option should have been able to set this
> explicitly to both true and false, to allow complete control over
> the option. But I'm not particularly concerned either way. Since the
> option currently can only be set to true, it would be sufficient to
> just check for nocanon != 0 before calling ldap_set_option.

My personal goal here is to not need to bother with command line
options, so I'm fine with this less general solution. Another patch
(only set the option with an explicit `-N`) attached.

---
The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by W. Trevor King wking@tremily.us. I have
not assigned rights and/or interest in this work to any party.

I, W. Trevor King, hereby place the following modifications to
OpenLDAP Software (and only these modifications) into the public
domain. Hence, these modifications may be freely used and/or
redistributed for any purpose with or without attribution and/or other
notice.

--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
W. Trevor King wrote:
> On Wed, May 30, 2012 at 06:14:38AM -0700, Howard Chu wrote:
>> Ideally the command line option should have been able to set this
>> explicitly to both true and false, to allow complete control over
>> the option. But I'm not particularly concerned either way. Since the
>> option currently can only be set to true, it would be sufficient to
>> just check for nocanon != 0 before calling ldap_set_option.
>
> My personal goal here is to not need to bother with command line
> options, so I'm fine with this less general solution. Another patch
> (only set the option with an explicit `-N`) attached.
>
> ---
> The attached patch file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by W. Trevor King wking@tremily.us. I have
> not assigned rights and/or interest in this work to any party.
>
> I, W. Trevor King, hereby place the following modifications to
> OpenLDAP Software (and only these modifications) into the public
> domain. Hence, these modifications may be freely used and/or
> redistributed for any purpose with or without attribution and/or other
> notice.
>

Thanks, added to master.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
changed notes
changed state Feedback to Test
moved from Incoming to Software Bugs

changed notes
changed state Test to Release

changed notes
changed state Release to Closed

fixed in master
fixed in RE24
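
Added example, not code from the OpenLDAP tools or from either patch in this thread: a toy C model of the reported clobbering and of the three ways the thread discusses for combining a configured SASL_NOCANON with the -N flag. The function names, the enum values and the behaviour given to `--canon` are assumptions made for illustration; the real tools write the value through ldap_set_option.

```c
#include <stdio.h>

/* Toy model, not OpenLDAP source. "configured" is the value ldap.conf or
 * LDAPSASL_NOCANON left in the library; the return value is what the tool
 * ends up running with. In the real tools the write is ldap_set_option(). */
enum { CLI_UNSET = -1, OFF = 0, ON = 1 };

/* Reported behaviour: the tool always writes its CLI-derived flag, so a
 * missing -N (flag 0) overwrites a configured ON. */
static int effective_clobber(int configured, int cli_flag)
{
    (void)configured;
    return cli_flag ? ON : OFF;
}

/* First patch: read the current value; if already ON, skip the CLI write. */
static int effective_check_current(int configured, int cli_flag)
{
    if (configured == ON)
        return ON;
    return cli_flag ? ON : OFF;
}

/* Second patch: write only when -N was given (nocanon != 0). */
static int effective_set_if_given(int configured, int cli_flag)
{
    return cli_flag != 0 ? ON : configured;
}

/* Tri-state alternative: CLI_UNSET keeps the configured value; an explicit
 * ON (-N) or OFF (the hypothetical --canon) overrides it. */
static int effective_tristate(int configured, int cli_flag)
{
    return cli_flag == CLI_UNSET ? configured : cli_flag;
}

int main(void)
{
    printf("config -N | clobber check-current set-if-given\n");
    for (int cfg = OFF; cfg <= ON; cfg++)
        for (int n = OFF; n <= ON; n++)
            printf("%6d %2d | %7d %13d %12d\n", cfg, n,
                   effective_clobber(cfg, n),
                   effective_check_current(cfg, n),
                   effective_set_if_given(cfg, n));
    printf("tristate: config=ON, --canon -> %d\n", effective_tristate(ON, OFF));
    return 0;
}
```

For a flag that can only be switched on, both patches yield the same effective value in every row; only the tri-state form lets a command line turn off a configured true.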