[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7271) Don't clobber SASL_NOCANON in clients/tools/common.c
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7271) Don't clobber SASL_NOCANON in clients/tools/common.c
- From: hyc@symas.com
- Date: Wed, 30 May 2012 13:15:28 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
wking@tremily.us wrote:
> Full_Name: W. Trevor King
> Version: git commit 22bf5188
> OS: Gentoo
> URL: http://blog.tremily.us/posts/LDAP/tool-nocanon.patch
> Submission from: (NULL) (72.68.88.202)
>
>
> The ldap.conf SASL_NOCANON configuration option (or LDAPSASL_NOCANON environment
> variable) should set the default behaviour for OpenLDAP tools such as
> ldapwhoami. This configuration option should allow users to use the tools
> without having to use the matching command line option (-N). Unfortunately, the
> current code sets the option to true/false after only querying the command line
> option.
>
> I'm linking to a patch that looks at the current value of the option first, and
> if it's true, skips processing the command line option (which would either be a
> redundant -N keeping the option true, or an absence of -N which implies the user
> wants to use the configured value (true)).
>
> Another approach would be to set the initial value of nocanon to UNINITIALIZED
> (-1?). Command line arguments could set nocanon to 1 (true, -N) or false (0,
> --canon?). Then we would only call ldap_set_option if nocanon was not
> UNINITIALIZED.
>
> I can work up a patch using this second approach if people prefer. If so, let
> me know if you want me to define UNINITIALIZED, or to just use -1.
>
> I didn't check, but I would not be surprised if this same clobbering occurred
> for other command line options.
The only other boolean command line option is referrals, which is deprecated
and has been undocumented for years. Not worth bothering over.
Ideally the command line option should have been able to set this explicitly
to both true and false, to allow complete control over the option. But I'm not
particularly concerned either way. Since the option currently can only be set
to true, it would be sufficient to just check for nocanon != 0 before calling
ldap_set_option.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/