/etc/sasl

[Russ Allbery]

Patrick Ben Koetter <p at state-of-mind.de> writes:
> * Russ Allbery <rra at debian.org>:

>> Currently, OpenLDAP puts its SASL configuration in /etc/ldap, which from
>> the OpenLDAP perspective also makes sense.  I personally think of SASL

> The OpenLDAP source code does this by default or is this Debian
> specific?

It's a Debian-specific patch.  It looks for /etc/ldap/sasl2/slapd.conf.

> What might speak for having it all in one location is that people need
> to set SASL up separately from their app and that they also (should)
> test it separately from their app. It's more like a standalone thing. I
> can set it up and have it working without even having e.g. Postfix
> installed.

Good point.  It also wouldn't require patches to each individual
application using SASL to specify a location.

> How about this for a migration path from /usr/lib/sasl2 to /etc/sasl2:
>
> 1. Search in app specific path (controlled by app maintainer/developer)
> 2. Search in /etc/sasl2 (controlled by SASL defaults)
> 3. Search in /usr/lib/sasl2 and log a warning that /usr/lib/sasl2 is being
>    deprecated.

Isn't this what the current SASL packages are already doing?  I thought I
looked at them recently and found that this was already the algorithm.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>