On Fri, Jan 03, 2025 at 08:55:32AM +0000, Windl, Ulrich wrote:
Can you give better background on what you want to do? Generally it's *not* recommended to use the ldap* tools inside of scripts, for example. I usually use python-ldap as an alternative in that case.
If the tools are not fit to be used in scripts, those tools should be fixed IMHO. The philosophy of UNIX was that any command can be used in a script...
In the context of this discussion: - one shouldn't rely on system config files in scripts - -o tls_something=value settings exist, Eric even mentions them yet they do not want to use them, same with LDAPTLS_* environment variables - $CWD/ldaprc is available and these options we are discussing are honoured if set there
As for use in scripts, a lot of them tend to use the ldap* tools the way they would use "ls", and that's definitely not recommended. Anything from quoting issues to localisation can and will eventually break such scripts.
Regards,