quanah@stanford.edu wrote:
--On Tuesday, November 14, 2006 5:06 AM +0000 Kurt@OpenLDAP.org wrote:
I note that nss/pam-ldap setting NOINIT (or otherwise mucking with libldap options) might break LDAP-enabled programs. But that's another matter.
Anyways, I think the only good fix (for this and many other larger problems) is a library redesign/rewrite.
Okay.
I note I don't find any mention of NOINIT in the nss_ldap or pam_ldap source, maybe it was removed at some point? I'm looking at the latest code from PADL.
Unless you mean patching nss_ldap/pam_ldap to set "LDAPNOINIT" in the environment? Which has other problems.
For the specific case of nss/pam_ldap the obvious solution is to require that they never use default values anywhere. Generally that is already what happens anyway.
-
hyc@symas.com