--On Tuesday, January 31, 2017 5:07 PM +0100 Michael Ströder michael@stroeder.com wrote:

Hmm, up to now I thought setting LDAP_TLS_CACERT and friends overrides whatever is set in ldap.conf or .ldaprc.

Variables do override, however, I have no clue as to *what* things may be set somewhere. If I were to unset LDAPNOINIT, any test is subject to anything I don't specifically override that the user, system admin, etc, may have set.

And I also thought LDAPNOINIT disables all defaults from config files.

It disables everything (config files, environment variables, etc).

Thus the following files and variables are read, in order: variable $LDAPNOINIT, and if that is not set: system file /usr/local/etc/openldap/ldap.conf, user files $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc, system file $LDAPCONF, user files $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC, variables $LDAP<uppercase option name>.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com