Open source LDAP client and server implementation.

# Gotchas

## Global CA Configuration

The options for specifying a [[Certificate Authority]] bundle or file (`OPT_X_TLS_CACERTDIR` / `OPT_X_TLS_CACERTFILE`) apply globally and can't be set per-connection. This means that your entire program must use the same data for these, unless you can ensure that *all* LDAP operations run sequentially (e.g., by using a lock).

For most cases, this isn't an issue. However, it can become an issue for multi-tenant web services that need to offer certificate management for different organizations.

## Limitations on macOS

The macOS version of libldap (an OpenLDAP fork) lacks support for the following features:

* Specifying a [[Certificate Authority]] bundle or file (`OPT_X_TLS_CACERTDIR` / `OPT_X_TLS_CACERTFILE` options).
* Specifying a certificate and key for [[mTLS]] authentication.

It also has challenges (or at least gives bad error messages) when verifying an SSL certificate for `localhost`.

If you use [[python-ldap]], it inherits these limitations.
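
The lock-based workaround from "Global CA Configuration", sketched with [[python-ldap]]. This is an added example, not code from the original note; `tenant_connection`, `ldap_module`, the URI and the file paths are hypothetical names and constructed values, and it assumes a platform whose libldap supports these options.

```python
import threading
from contextlib import contextmanager

# One lock for the whole process: the CA options are global libldap state,
# so every LDAP session in the program must go through this gate.
_TLS_LOCK = threading.Lock()


@contextmanager
def tenant_connection(uri, ca_file, ldap_module=None):
    """Yield a StartTLS connection whose server cert is checked against ca_file.

    ldap_module is a hypothetical hook for substituting the python-ldap
    module (for example with a stand-in object when no server is available).
    """
    if ldap_module is None:
        import ldap as ldap_module  # python-ldap, imported lazily
    ldap = ldap_module
    with _TLS_LOCK:
        # Point the global TLS settings at this tenant's CA and require
        # a valid server certificate.
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        # libldap applies pending TLS settings only when a new context is made.
        ldap.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        conn = ldap.initialize(uri)
        try:
            conn.start_tls_s()  # handshake happens while the lock is held
            yield conn          # caller binds and searches inside the lock
        finally:
            conn.unbind_s()     # close before another tenant's CA is loaded


# Usage (constructed values):
# with tenant_connection("ldap://ldap.tenant-a.example", "/etc/tenants/a/ca.pem") as c:
#     c.simple_bind_s("cn=svc,dc=tenant-a,dc=example", password)
```

Because the lock is held for the whole session, LDAP traffic for all tenants is serialised, and any code path that calls python-ldap outside this function bypasses the protection.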