
Re: ldap_<set/get>_option() weirdness



At 03:30 PM 7/21/2005, Alexey Melnikov wrote:
>Kurt D. Zeilenga wrote:
>
>>At 08:05 PM 7/19/2005, Alexey Melnikov wrote:
>>
>>>Hallvard B Furuseth wrote:
>>>   
>>>
>>>>ldap_set_option() and ldap_get_option() have many strange behaviors.
>>>>Which of these should I document, which should be changed, and which
>>>>options and nuances below should just be omitted from the man page?
>>>>
>>>>(I'm reading some libldap source and
>>>>doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt.)
>>>>
>>>>
>>>>* ldap.conf vs. C API:
>>>>
>>>>ldap.conf options BINDDN, BASE, PORT have no equivalent C API calls.
>>>>
>>>>ldap.conf options SASL_AUTHCID, SASL_AUTHZID, SASL_MECH, SASL_REALM
>>>>cannot be set with the C API.
>>>>     
>>>I think it would be a very good idea to make all options settable in ldap.conf also settable through the C API.
>>>Otherwise OpenLDAP forces all applications that use libldap to also use ldap.conf, which might be unacceptable when an application has its own configuration system.
>>
>>Such a program can simply make API calls that don't rely
>>on defaults.  For instance by not providing NULL as a
>>binddn argument to ldap_bind(3).
>Of course this doesn't work for some SASL/TLS options which are not settable through C API, e.g. SASL realm.

IIRC, there is a method for getting the SASL CTX and from that
you can do whatever the SASL API allows.

>>That is, programs are not forced to use ldap.conf(5).
>What I don't like is that libldap tries to find and read ldap.conf automatically.

Well, if I had to do it again, I likely would have separated
configuration parsing and default setting....   something
for the next generation API/implementation I guess.

>Is there any way to control that?

Yes, the program (or the user) can set an environment 
variable to disable reading of ldap.conf.

>> They can disable the
>>defaulting and still obtain full functionality.
>> 
>Alexey