[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Patch adding command line TLS support to the ldap utilities

--On Tuesday, January 31, 2017 5:07 PM +0100 Michael Ströder <michael@stroeder.com> wrote:

Hmm, up to now I thought setting LDAP_TLS_CACERT and friends overrides
whatever is set in ldap.conf or .ldaprc.

Variables do override, however, I have no clue as to *what* things may be set somewhere. If I were to unset LDAPNOINIT, any test is subject to anything I don't specifically override that the user, system admin, etc, may have set.

And I also thought LDAPNOINIT disables all defaults from config files.

It disables everything (config files, environment variables, etc).

      Thus the following files and variables are read, in order:
          variable     $LDAPNOINIT, and if that is not set:
          system file  /usr/local/etc/openldap/ldap.conf,
          user files   $HOME/ldaprc,  $HOME/.ldaprc,  ./ldaprc,
          system file  $LDAPCONF,
          user files   $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
          variables    $LDAP<uppercase option name>.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: