Re: Multiple system-wide ldap.conf files

[Howard Chu <hyc@symas.com>]

Hallvard B Furuseth wrote:
> I'd like to add support for multiple system-wide ldap.conf files.
> Our site needs one which comes with the LDAP package, and one which
> the host admin can create to override.

You can already specify an additional config file using the LDAPCONF 
environment variable. Just put that in the system wide cshrc and shell profile.

> One way would be to add this to include/ldap_defaults.h:
>      /* Array initializer for system-wide LDAP configuration files.
>       * The contents of late files override earlier ones.
>       * Update the FILES section of doc/man/man5/ldap.conf.5 to match.
>       */
>      #define LDAP_CONF_FILELIST { LDAP_CONF_FILE }
> after the line
>      #define LDAP_CONF_FILE LDAP_SYSCONFDIR LDAP_DIRSEP "ldap.conf"

Not sure that hardcoding more paths is a good idea.

> Another way: An ldap.conf directive "tryinclude<filename>" so the
> package's ldap.conf can include the host-specific ldap.conf.  Also
> allows a user's ldap.conf to include some package's ldap.conf, if
> needed.  And it allows include-loops, so there should be a "max include
> depth" limit.

An include directive might be OK. It should simply record the trail of files 
it has already opened and refuse to include a file twice.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/