ENV {} and rlm_ldap.so

Alan DeKok aland at deployingradius.com
Fri May 21 23:15:28 CEST 2021


On May 21, 2021, at 5:07 PM, Michael Ströder via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> If I set
> 
> ENV {
> 
>  LDAPNOINIT = '1'
> 
> }
> 
> in radiusd.conf will this env var be set before libldap gets loaded via
> rlm_ldap.so and initialized?

  Yes.

  The server loads the configuration files, and then immediately sets ENV variables.  This is done before *anything* else.

> Background:
> Setting LDAPNOINIT to any value will prevent OpenLDAP's libldap to read
> any default settings from a system-wide ldap.conf (see man page
> ldap.conf(5)). This ensures that only LDAP settings in the FreeRADIUS
> config will be used.
> 
> Of course I can also set this in the systemd unit. But for those not
> using systemd this would even be a nice better default.

  I very much agree.

  Alan DeKok.




More information about the Freeradius-Users mailing list