[Date Prev][Date Next]
Re: ldap_<set/get>_option() weirdness
At 03:30 PM 7/21/2005, Alexey Melnikov wrote:
>Kurt D. Zeilenga wrote:
>>At 08:05 PM 7/19/2005, Alexey Melnikov wrote:
>>>Hallvard B Furuseth wrote:
>>>>ldap_set_option() and ldap_get_option() have many strange behaviors.
>>>>Which of these should I document, which should be changed, and which
>>>>options and nuances below should just be omitted from the man page?
>>>>(I'm reading some libldap source and
>>>>* ldap.conf vs. C API:
>>>>ldap.conf options BINDDN, BASE, PORT have no equivalent C API calls.
>>>>ldap.conf options SASL_AUTHCID, SASL_AUTHZID, SASL_MECH, SASL_REALM
>>>>cannot be set with the C API.
>>>I think it would be a very good idea to make all options settable in ldap.conf also settable through C API .
>>>Otherwise OpenLDAP forces all applications that use libldap to also use ldap.conf, which might be unacceptable when an application has own configuration system.
>>Such a program can simply make API calls that don't rely
>>on defaults. For instance by not providing NULL as a
>>binddn argument to ldap_bind(3).
>Of course this doesn't work for some SASL/TLS options which are not settable through C API, e.g. SASL realm.
IIRC, there is a method for getting the SASL CTX and from that
you can do whatever the SASL API allows.
>>That is, programs are not forced to use ldap.conf(5).
>What I don't like is that libldap tries to find and read ldap.conf automatically.
Well, if I had to do it again, I likely would have separated
configuration parsing and default setting.... something
for the next generation API/implementation I guess.
>Is there any way to control that?
Yes, the program (or the user) can set an environment
variable to disable reading of ldap.conf.
>> They can disable the
>>defaulting and still obtain full functionality.