Norm Green wrote: > Hello LDAP users and maintainers, > > libraries/libldap/init.c has this code which bypasses read all LDAP config > env vars when the exe loadlig libldap is running in setuid mode. > > This is causing problems for one of our customers who routinely run our > product Linux executables (which load our libldap) in setuid mode for > legitimate purposes. > Since we have the source, we can and may change this code. > > In our case, customer wants to set env var LDAPCONF to point at a non-default > conf file but is unable to do so. In fact this code bypasses almost all ways > an > alternate config file can be read. > Even $HOME/ldap.conf is not read. > > My question here is should this code be considered a bug and changed to be > less restrictive?
No. Read the commit history. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
