On Fri, Jan 03, 2025 at 08:55:32AM +0000, Windl, Ulrich wrote: >> Can you give better background on what you want to do? Generally it's >> *not* >> recommended to use the ldap* tools inside of scripts, for example. I >> usually use python-ldap as an alternative in that case. > > If the tools are not fit to be used in scripts, those tools should be fixed > IMHO. > The philosophy of UNIX was that any command can be used in a script...
In the context of this discussion: - one shouldn't rely on system config files in scripts - -o tls_something=value settings exist, Eric even mentions them yet they do not want to use them, same with LDAPTLS_* environment variables - $CWD/ldaprc is available and these options we are discussing are honoured if set there As for use in scripts, a lot of them tend to use the ldap* tools the way they would use "ls", and that's definitely not recommended. Anything from quoting issues to localisation can and will eventually break such scripts. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP