
Re: Ldap and passwd command



Hi list,

As there is very often confusion about ldap.conf
on the list, I suggest using another name when
configuring pam_ldap/nss_ldap.

There's a configure option in nss_ldap and in pam_ldap
which is very useful:

In nss_ldap I use:
--with-ldap-conf-file=/etc/nss_ldap.conf

In pam_ldap I use:
--with-ldap-conf-file=/etc/pam_ldap.conf

And, voila, ldap.conf now *ONLY* belongs to openldap-tools;
pam_ldap/nss_ldap have their own config file.

I wish that the default in nss_ldap/pam_ldap
would do something like I did, so Luke Howard,
if you read this, what about changing it in future releases of
nss_ldap/pam_ldap?


greets Harry

Kurt D. Zeilenga wrote:

At 01:25 AM 1/23/2004, Damon Jebb wrote:

I have now had a look at the presentation and tried for a day to find where I am going wrong with this. I have also tried several times to access the padl lists, without success, so please forgive my responding here rather than there.


Have you tried contacting their postmaster?

I will attempt to respond to the portions of your message
that relate directly to OpenLDAP Software.  However, since
discussing particulars of non-OpenLDAP Software is off topic
here, I won't delve into them.  (And since I actually know very
little about the particulars of PAM LDAP, I wouldn't have much
to say anyways.)


I have this in my /etc/openldap/ldap.conf


Given the name, I'd assume here that this would be an OpenLDAP
ldap.conf file, however, it appears that you placed (presumably)
PAM/LDAP directives there.  I suspect you confused the OpenLDAP
Software file for their configuration file.


I know that the ldap.conf file is being used during the client access to the ldap server because some changes to it have broken it.


Changing /etc/openldap/ldap.conf (assuming this is the OpenLDAP
ldap.conf) will affect all clients relying on OpenLDAP libraries
to provide defaults, including ldapsearch(1).


I can see from the log file using debug level 128 that the bind is anonymous not with the dn specified in the file. What am I doing wrong? When I disallow anonymous bind in the slapd.conf nothing works properly.


PAM/LDAP, I believe, has its own file for defaults/configuration.
It's often called ldap.conf but is usually found in another
directory.

Kurt
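
The mix-up discussed in this thread (PAM/NSS directives placed in the OpenLDAP ldap.conf) can be checked for mechanically. The following is an added example, not code from the thread or from either project. It assumes the usual PADL directive names (`pam_*`, `nss_*`, `bindpw`, `rootbinddn`), which are not quoted in the messages above, and the sample file content is constructed.

```python
import re

# Assumption: directives read by PADL pam_ldap/nss_ldap but not defined by
# the OpenLDAP client library's ldap.conf. The pam_/nss_ prefixes cover the
# module-specific options; bindpw and rootbinddn are PADL bind settings.
PADL_ONLY = re.compile(r"^(pam_\w+|nss_\w+|bindpw|rootbinddn)$", re.IGNORECASE)


def misplaced_directives(conf_text):
    """Return (line_number, keyword) for each PADL-only directive found."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        keyword = line.split(None, 1)[0]
        if PADL_ONLY.match(keyword):
            hits.append((lineno, keyword.lower()))
    return hits


# Constructed sample of an OpenLDAP ldap.conf with PAM/NSS settings mixed in.
# binddn is not flagged: OpenLDAP's ldap.conf also defines BINDDN.
SAMPLE = """\
# /etc/openldap/ldap.conf (constructed sample)
BASE dc=example,dc=com
URI ldap://ldap.example.com
binddn cn=proxy,dc=example,dc=com
bindpw secret
pam_filter objectclass=posixAccount
nss_base_passwd ou=People,dc=example,dc=com?one
"""

if __name__ == "__main__":
    for lineno, keyword in misplaced_directives(SAMPLE):
        print(f"line {lineno}: '{keyword}' belongs in the pam_ldap/nss_ldap file")
```

A flagged `bindpw` is worth particular attention, because the OpenLDAP ldap.conf is normally world-readable while a bind password should not be.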