Norm Green wrote:
Hello LDAP users and maintainers,
libraries/libldap/init.c has this code which bypasses reading all LDAP config env vars when the exe loading libldap is running in setuid mode.
This is causing problems for one of our customers who routinely run our product Linux executables (which load our libldap) in setuid mode for legitimate purposes. Since we have the source, we can and may change this code.
In our case, the customer wants to set env var LDAPCONF to point at a non-default conf file but is unable to do so. In fact this code bypasses almost all ways an alternate config file can be read. Even $HOME/ldap.conf is not read.
My question here is: should this code be considered a bug and changed to be less restrictive?
No. Read the commit history.
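
The kind of guard discussed in this thread, as an added example that is not OpenLDAP's code and not part of either message: a library ignores a caller-supplied config path when the real and effective IDs differ, because the invoking user controls the environment of a setuid process. The function names, the sample paths and the extra setgid check are assumptions made for illustration; only the LDAPCONF variable name comes from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample paths, used only for this illustration. */
static const char SYS_DEFAULT[] = "/etc/example/ldap.conf";
static const char SAMPLE_ENV[]  = "/home/user/alt-ldap.conf";

/* Hypothetical helper: decide which config file to load.
 * env_value is whatever getenv("LDAPCONF") returned (may be NULL). */
static const char *pick_conf(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                             const char *env_value, const char *sys_default)
{
    /* Real != effective means the process holds privileges the invoking
     * user lacks, while that user still chose every environment variable. */
    int elevated = (ruid != euid) || (rgid != egid);

    if (elevated || env_value == NULL || env_value[0] == '\0')
        return sys_default;   /* environment is not trusted or not set */
    return env_value;         /* ordinary process: honour the override */
}

/* Same decision, using the IDs and environment of the current process. */
static const char *pick_conf_for_this_process(void)
{
    return pick_conf(getuid(), geteuid(), getgid(), getegid(),
                     getenv("LDAPCONF"), SYS_DEFAULT);
}

int main(void)
{
    printf("this process:     %s\n", pick_conf_for_this_process());
    printf("uid 1000, plain:  %s\n",
           pick_conf(1000, 1000, 1000, 1000, SAMPLE_ENV, SYS_DEFAULT));
    printf("uid 1000, setuid: %s\n",
           pick_conf(1000, 0, 1000, 1000, SAMPLE_ENV, SYS_DEFAULT));
    return 0;
}
```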