I'd like to add support for multiple system-wide ldap.conf files. Our site needs one which comes with the LDAP package, and one which the host admin can create to override.
One way would be to add this to include/ldap_defaults.h:

    /* Array initializer for system-wide LDAP configuration files.
     * The contents of late files override earlier ones.
     * Update the FILES section of doc/man/man5/ldap.conf.5 to match. */
    #define LDAP_CONF_FILELIST { LDAP_CONF_FILE }

after the line

    #define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"
Another way: An ldap.conf directive "tryinclude <filename>" so the package's ldap.conf can include the host-specific ldap.conf. Also allows a user's ldap.conf to include some package's ldap.conf, if needed. And it allows include-loops, so there should be a "max include depth" limit.
Opinions?
Hallvard B Furuseth wrote:
I'd like to add support for multiple system-wide ldap.conf files. Our site needs one which comes with the LDAP package, and one which the host admin can create to override.
You can already specify an additional config file using the LDAPCONF environment variable. Just put that in the system wide cshrc and shell profile.
One way would be to add this to include/ldap_defaults.h:

    /* Array initializer for system-wide LDAP configuration files.
     * The contents of late files override earlier ones.
     * Update the FILES section of doc/man/man5/ldap.conf.5 to match. */
    #define LDAP_CONF_FILELIST { LDAP_CONF_FILE }

after the line

    #define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"
Not sure that hardcoding more paths is a good idea.
Another way: An ldap.conf directive "tryinclude <filename>" so the package's ldap.conf can include the host-specific ldap.conf. Also allows a user's ldap.conf to include some package's ldap.conf, if needed. And it allows include-loops, so there should be a "max include depth" limit.
An include directive might be OK. It should simply record the trail of files it has already opened and refuse to include a file twice.
Howard Chu writes:
Hallvard B Furuseth wrote:
I'd like to add support for multiple system-wide ldap.conf files. Our site needs one which comes with the LDAP package, and one which the host admin can create to override.
You can already specify an additional config file using the LDAPCONF environment variable. Just put that in the system wide cshrc and shell profile.
Good idea. That should take care of most of it. Though I think there are hosts where "just" is the wrong word :-) And I need to check what's going on with system accounts that have shells like /bin/false. Hopefully they setuid() from an account with a real shell.
Deferring the rest to my "nice to have" list for now...
One way would be to add this to include/ldap_defaults.h:

    /* Array initializer for system-wide LDAP configuration files.
     * The contents of late files override earlier ones.
     * Update the FILES section of doc/man/man5/ldap.conf.5 to match. */
    #define LDAP_CONF_FILELIST { LDAP_CONF_FILE }

after the line

    #define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"
Not sure that hardcoding more paths is a good idea.
Another way: An ldap.conf directive "tryinclude <filename>" so the package's ldap.conf can include the host-specific ldap.conf. Also allows a user's ldap.conf to include some package's ldap.conf, if needed. And it allows include-loops, so there should be a "max include depth" limit.
An include directive might be OK. It should simply record the trail of files it has already opened and refuse to include a file twice.
OK. I think s/has already opened/currently has open/ though. If file1 does some setup and then includes file2, that should mean "let file2, if it exists, override the settings in file1".
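
The two loop checks discussed in this thread ("already opened" versus "currently open"), combined with a depth cap, as an added sketch that is not code from the thread or from OpenLDAP. It assumes the proposed "tryinclude" directive, a hypothetical MAX_DEPTH of 8, and constructed in-memory files matched by name; a version reading real files would more robustly compare the device and inode from fstat(), so that two paths to one file count as the same file.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEPTH 8   /* assumed cap; the thread only asks that a limit exist */
/* Constructed sample files (name, contents) so the example runs offline. */
static const char *files[][2] = {
    { "pkg.conf",  "BASE dc=pkg\ntryinclude host.conf\ntryinclude none.conf\n" },
    { "host.conf", "BASE dc=host\n" },
    { "user.conf", "tryinclude pkg.conf\nBASE dc=user\ntryinclude host.conf\n" },
    { "loop.conf", "BASE dc=loop\ntryinclude loop.conf\n" },
};
#define NFILES ((int)(sizeof files / sizeof files[0]))
static const char *trail[NFILES];  /* open files, or every file seen so far */
static int ntrail;
static char base[64];              /* the last BASE line read wins */

/* stack_only=1 refuses files currently open; 0 refuses any file seen before. */
static int read_conf(const char *name, int depth, int stack_only) {
    const char *text = NULL, *p;
    int i, len = 0, mark = ntrail, rc = 0;
    if (depth >= MAX_DEPTH) return -1;        /* include chain is too deep */
    for (i = 0; i < NFILES; i++)
        if (strcmp(files[i][0], name) == 0) { name = files[i][0]; text = files[i][1]; }
    if (text == NULL) return 0;               /* "try": a missing file is fine */
    for (i = 0; i < ntrail; i++)
        if (strcmp(trail[i], name) == 0) return 0;   /* loop or repeat: skip */
    trail[ntrail++] = name;                   /* each name is listed at most once */
    for (p = text; rc == 0 && *p; p += len + (p[len] == '\n')) {
        char arg[64];
        len = (int)strcspn(p, "\n");
        if (len > 11 && strncmp(p, "tryinclude ", 11) == 0) {
            snprintf(arg, sizeof arg, "%.*s", len - 11, p + 11);
            rc = read_conf(arg, depth + 1, stack_only);
        } else if (len > 5 && strncmp(p, "BASE ", 5) == 0)
            snprintf(base, sizeof base, "%.*s", len - 5, p + 5);
    }
    if (stack_only) ntrail = mark;            /* pop: this file is closed again */
    return rc;
}

/* Parse from `start`; return the BASE in effect, or NULL on error. */
const char *effective_base(const char *start, int stack_only) {
    ntrail = 0; base[0] = '\0';
    return read_conf(start, 0, stack_only) == 0 ? base : NULL;
}

int main(void) {
    printf("currently open: %s\n", effective_base("user.conf", 1));
    printf("already opened: %s\n", effective_base("user.conf", 0));
    return 0;
}
```

With the constructed user.conf, the "currently open" rule lets the second include of host.conf override the user's BASE, while the "already opened" rule skips it; both stop the self-including loop.conf.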