--On Tuesday, January 31, 2017 4:24 PM +0100 Michael Ströder michael@stroeder.com wrote:
Quanah Gibson-Mount wrote:
In working on creating a TLS testsuite for OpenLDAP, a glaring omission in the abilities of the command line tools quickly became apparent. Specifically, the inability to set any TLS related options.
Just out of curiosity: Wasn't using the env vars not enough in the test suite's shell scripts?
No. I have no way of knowing what option(s)/conf files may exist in the environment of the user building OpenLDAP. We set LDAPNOINIT in the test suite to avoid this problem for the non-TLS portion, but there's no ability to do anything TLS related at that point w/o such a patch.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah Gibson-Mount wrote:
Michael Ströder michael@stroeder.com wrote:
Quanah Gibson-Mount wrote:
In working on creating a TLS testsuite for OpenLDAP, a glaring omission in the abilities of the command line tools quickly became apparent. Specifically, the inability to set any TLS related options.
Just out of curiosity: Wasn't using the env vars not enough in the test suite's shell scripts?
No. I have no way of knowing what option(s)/conf files may exist in the environment of the user building OpenLDAP. We set LDAPNOINIT in the test suite to avoid this problem for the non-TLS portion, but there's no ability to do anything TLS related at that point w/o such a patch.
Hmm, up to now I thought setting LDAP_TLS_CACERT and friends overrides whatever is set in ldap.conf or .ldaprc.
And I also thought LDAPNOINIT disables all defaults from config files.
Ciao, Michael.
-
Michael Ströder -
Quanah Gibson-Mount