[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL_MECH EXTERNAL in system ldap.conf

At 02:35 AM 3/6/2006, Phil Pennock wrote:
>Actually, the only item needed in the per-user config is the SASL_MECH,
>I just keep them together for clarity. 

But note that these settings are quite independent.  If
the user connects using -H ldap.example.net, ldapsearch(1)
will use SASL EXTERNAL even where SASL EXTERNAL is not

> Is there a reason to disallow this option in the system config?

The user has no facility to disable a global SASL_MECH setting
(without disabling use of the complete system ldap.conf).
For instance, a user wanting auto-selection of the SASL
mechanism (ldapsearch(1)'s default behavior) cannot unset
the SASL_MECH setting but instead must cause the system
ldap.conf to be ignored.

> Is it likely to be changed in official source?

HEAD presently includes such a change.  However, it's possible
that change could be reverted.