Re: Patch adding command line TLS support to the ldap utilities

2017-01-31 Thread Quanah Gibson-Mount 
--On Tuesday, January 31, 2017 5:07 PM +0100 Michael Ströder 
 wrote:




Hmm, up to now I thought setting LDAP_TLS_CACERT and friends overrides
whatever is set in ldap.conf or .ldaprc.


Variables do override, however, I have no clue as to *what* things may be 
set somewhere.  If I were to unset LDAPNOINIT, any test is subject to 
anything I don't specifically override that the user, system admin, etc, 
may have set.



And I also thought LDAPNOINIT disables all defaults from config files.


It disables everything (config files, environment variables, etc).

  Thus the following files and variables are read, in order:
  variable $LDAPNOINIT, and if that is not set:
  system file  /usr/local/etc/openldap/ldap.conf,
  user files   $HOME/ldaprc,  $HOME/.ldaprc,  ./ldaprc,
  system file  $LDAPCONF,
  user files   $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
  variables$LDAP.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: Patch adding command line TLS support to the ldap utilities

2017-01-31 Thread Quanah Gibson-Mount 
--On Tuesday, January 31, 2017 4:24 PM +0100 Michael Ströder 
 wrote:



Quanah Gibson-Mount wrote:

In working on creating a TLS testsuite for OpenLDAP, a glaring omission
in the abilities of the command line tools quickly became apparent.
Specifically, the inability to set any TLS related options.


Just out of curiosity:
Wasn't using the env vars not enough in the test suite's shell scripts?


No.  I have no way of knowing what option(s)/conf files may exist in the 
environment of the user building OpenLDAP.  We set LDAPNOINIT in the test 
suite to avoid this problem for the non-TLS portion, but there's no ability 
to do anything TLS related at that point w/o such a patch.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: Patch adding command line TLS support to the ldap utilities

2017-01-31 Thread Michael Ströder 
Quanah Gibson-Mount wrote:
> In working on creating a TLS testsuite for OpenLDAP, a glaring omission in the
> abilities of the command line tools quickly became apparent. Specifically, the
> inability to set any TLS related options.

Just out of curiosity:
Wasn't using the env vars not enough in the test suite's shell scripts?

Ciao, Michael.



smime.p7s
Description: S/MIME Cryptographic Signature