On 27 April 2017 13:28, Michael Ströder wrote:
> Is there a reliable way to detect whether LDAPI support is enabled
> in the OpenLDAP build on a particular platform? I vaguely remember
> the developer discussions about disabling LDAPI on platforms where
> the peer credentials are not secure.

No, that would not make sense. We discussed disabling or tightening
Bind:SASL/EXTERNAL with peer creds. Result, in liblutil/getpeerid.c:

    /* We must receive a valid descriptor, it must be a pipe,
     * it must only be accessible by its owner, and it must
     * have the name of our socket written on it.
     */

> Background: I'd like to detect with python-ldap whether to enable
> LDAPI in automatic testing or not.

False alarm. But if you want to test if SASL/EXTERNAL is available
on a connection, check supportedSASLMechanisms in the root DSE.
(ldapi:// offers it, ldap:// does not unless you supplied a client cert)
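
The root DSE check suggested above, sketched with python-ldap as an added example (not code from this thread or from either project). It assumes the root DSE is readable anonymously; the function names and the socket path are made up for illustration.

```python
def offers_sasl_external(rootdse_attrs):
    """True if a root DSE attribute dict lists the EXTERNAL mechanism.

    python-ldap returns values as lists of bytes, and LDAP attribute
    type names are case-insensitive, so both are normalised here.
    """
    for name, values in rootdse_attrs.items():
        if name.lower() != "supportedsaslmechanisms":
            continue
        mechs = set()
        for value in values:
            if isinstance(value, bytes):
                value = value.decode("ascii", "replace")
            mechs.add(value.strip().upper())
        return "EXTERNAL" in mechs
    # Attribute absent: the server advertises no SASL mechanisms at all.
    return False


def probe_sasl_external(uri):
    """Read supportedSASLMechanisms from the root DSE reached via `uri`.

    Returns True/False, or None when the connection cannot be used
    (no LDAPI in the build, socket missing, server down, ...).
    """
    import ldap  # python-ldap, imported lazily so the parser above has no dependency

    try:
        conn = ldap.initialize(uri)
        try:
            # Base-scope search on the empty DN reads the root DSE;
            # operational attributes must be requested by name.
            result = conn.search_s(
                "", ldap.SCOPE_BASE, "(objectClass=*)",
                ["supportedSASLMechanisms"],
            )
        finally:
            conn.unbind_s()
    except ldap.LDAPError:
        return None
    return bool(result) and offers_sasl_external(result[0][1])


if __name__ == "__main__":
    # Constructed socket path for a test slapd; adjust to the test fixture.
    print(probe_sasl_external("ldapi://%2Ftmp%2Ftest-slapd%2Fldapi"))
```

A test suite can skip its LDAPI/SASL EXTERNAL cases when the probe returns None or False.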