* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
> The main problem here is that ldap.conf is a defaulting
> mechanism which should have no effect unless the application
> asks for default behavior. Most applications actually
> don't ask for default behavior, they ask for specific behavior.

Maybe I'm misreading this but isn't the 'default behaviour' exactly what the ldapsearch and other tools are expected to do when called with no options? My initial goal, at least, would be to be able to execute 'ldapsearch' with no arguments and have it connect to the default ldap server, retrieve the default set of things to retrieve, use SASL for authentication and TLS for confidentiality. At the moment everything works with BASE, URI and TLS_CACERT set in the ldap.conf and -ZZ passed on the command-line. I'd like to be able to set the default behaviour to be w/ TLS and not need the -ZZ on the command-line.

> They generally don't expect the library to be issuing LDAP
> operations without their knowledge.

I can understand that. I was talking more specifically about the tools shipped with OpenLDAP. Other applications may need to be dealt with in other ways, though, personally, I'd really love to see an ability to say 'use TLS' in some global config file and have all LDAP using applications then use TLS, with the specified certificates and whatnot.

	Stephen