>Note that users can tell the library to use an >alternative ldap.conf(5) file, and hence go around >any 'policy' the administrator tries to enforce using >ldap.conf(5). The administrator should use more >appropriate means for enforcing such policy, such >as properly configuring their server to support >the particular set of allowed mechanisms. (Administrators
Sure, easy with Cyrus SASL, hard with Active Directory, although I am looking into it as it will be a lot easier to deploy. >The intent was for ldap.conf(5) to provide defaults >values for command line arguments. These defaults >were only to be used when the user of the tool did >not provide a value via the command line. That is, >the user should always be able to specify the >desired behavior explicitly on the command line >such that any and all defaults values are ignored. This should still work though, even with ldap.conf(5) specifying SASL_MECH. -- Luke --
