At 03:30 PM 7/21/2005, Alexey Melnikov wrote: >Kurt D. Zeilenga wrote: > >>At 08:05 PM 7/19/2005, Alexey Melnikov wrote: >> >>>Hallvard B Furuseth wrote: >>> >>> >>>>ldap_set_option() and ldap_get_option() have many strange behaviors. >>>>Which of these should I document, which should be changed, and which >>>>options and nuances below should just be omitted from the man page? >>>> >>>>(I'm reading some libldap source and >>>>doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt.) >>>> >>>> >>>>* ldap.conf vs. C API: >>>> >>>>ldap.conf options BINDDN, BASE, PORT have no equivalent C API calls. >>>> >>>>ldap.conf options SASL_AUTHCID, SASL_AUTHZID, SASL_MECH, SASL_REALM >>>>cannot be set with the C API. >>>> >>>I think it would be a very good idea to make all options settable in >>>ldap.conf also settable through C API . >>>Otherwise OpenLDAP forces all applications that use libldap to also use >>>ldap.conf, which might be unacceptable when an application has own >>>configuration system. >> >>Such a program can simply make API calls that don't rely >>on defaults. For instance by not providing NULL as a >>binddn argument to ldap_bind(3). >Of course this doesn't work for some SASL/TLS options which are not settable >through C API, e.g. SASL realm.
IIRC, there is a method for getting the SASL CTX and from that you can do whatever the SASL API allows. >>That is, programs are not forced to use ldap.conf(5). >What I don't like is that libldap tries to find and read ldap.conf >automatically. Well, if I had to do it again, I likely would have separated configuration parsing and default setting.... something for the next generation API/implementation I guess. >Is there any way to control that? Yes, the program (or the user) can set an environment variable to disable reading of ldap.conf. >> They can disable the >>defaulting and still obtain full functionality. >> >Alexey
