
RE: Ldap and passwd command



Thank you!  At last I have realised my mistake.  Judging by the number
of posts like this it is a common one.  I was looking in the openldap
ldap.conf to change PAM features in the /etc/ldap.conf!  Now that this
file has the settings that I wanted it works.  So simple when you know.
Seems like a good idea for applications to default to non-generic names
for files that are not generic, it would avoid this sort of confusion.

Many thanks, and apologies for the off topic subject, I was getting
desperate!

Damon

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Harry Rüter
Sent: 23 January 2004 14:47
To: Openldap list
Subject: Re: Ldap and passwd command

Hi list,

As there is very often confusion about ldap.conf
on the list, I suggest using another name when
configuring pam_ldap/nss_ldap.

There's a configure option in nss_ldap and in pam_ldap
which is very useful:

In nss_ldap I use:
--with-ldap-conf-file=/etc/nss_ldap.conf

In pam_ldap I use:
--with-ldap-conf-file=/etc/pam_ldap.conf

And, voila, ldap.conf now *ONLY* belongs to openldap-tools;
pam_ldap/nss_ldap have their own config file.

I wish that the default in nss_ldap/pam_ldap
would do something like I did, so Luke Howard,
if you read this, what about changing it in future releases of
nss_ldap/pam_ldap?


greets Harry

Kurt D. Zeilenga wrote:

> At 01:25 AM 1/23/2004, Damon Jebb wrote:
> 
>>I have now had a look at the presentation and tried for a day to find where I
>>am going wrong with this.  I have also tried several times to access the padl
>>lists, without success, so please forgive my responding here rather than
>>there.
> 
> 
> Have you tried contacting their postmaster? 
> 
> I will attempt to respond to the portions of your message
> that relate directly to OpenLDAP Software.  However, since
> discussing particulars of non-OpenLDAP Software is off topic
> here, I won't delve into them.  (And since I actually know very
> little about the particulars of PAM LDAP, I wouldn't have much
> to say anyways.)
> 
> 
>>I have this in my /etc/openldap/ldap.conf
> 
> 
> Given the name, I'd assume here that this would be an OpenLDAP
> ldap.conf file, however, it appears that you placed (presumably)
> PAM/LDAP directives there.  I suspect you confused the OpenLDAP
> Software file for their configuration file.
> 
> 
>>I know that the ldap.conf file is being used during the client access to the
>>ldap server because some changes to it have broken it.
> 
> 
> Changing /etc/openldap/ldap.conf (assuming this is the OpenLDAP
> ldap.conf) will affect all clients relying on OpenLDAP libraries
> to provide defaults, including ldapsearch(1).
> 
> 
>>I can see from the log file using debug level 128 that the bind is anonymous
>>not with the dn specified in the file.  What am I doing wrong?  When I
>>disallow anonymous bind in the slapd.conf nothing works properly.
> 
> 
> PAM/LDAP, I believe, has its own file for defaults/configuration.
> It's often called ldap.conf but usually is found in another
> directory.
> 
> Kurt 
> 
>
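
The mix-up discussed in this thread (pam_ldap/nss_ldap directives placed in the OpenLDAP client ldap.conf) can be caught with a small check. This is an added example, not code from the thread or from either project; the keyword sets are a partial, assumed selection of directive names from ldap.conf(5) and the pam_ldap/nss_ldap configuration, and the sample file is constructed.

```python
# Flags directives that sit in the wrong "ldap.conf".
# Assumption: keyword sets below are partial; extend them from the man pages
# of the versions actually installed.
OPENLDAP_ONLY = {"tls_cacert", "tls_reqcert", "tls_crlcheck"}
PAM_NSS_ONLY = {"bindpw", "rootbinddn", "ldap_version", "scope", "bind_policy",
                "bind_timelimit", "ssl", "tls_checkpeer", "tls_cacertfile"}


def owner(keyword):
    """Return which software a directive belongs to (case-insensitive)."""
    k = keyword.lower()
    if k.startswith(("pam_", "nss_")) or k in PAM_NSS_ONLY:
        return "pam_ldap/nss_ldap"
    if k in OPENLDAP_ONLY:
        return "openldap"
    return "shared-or-unknown"  # e.g. uri, base, host, binddn


def misplaced(text, role):
    """List (line number, keyword, owner) for directives foreign to `role`.

    role is 'openldap' for the OpenLDAP client file, or 'pam_ldap/nss_ldap'
    for the PADL modules' file.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        keyword = stripped.split(None, 1)[0]
        who = owner(keyword)
        if who not in (role, "shared-or-unknown"):
            findings.append((n, keyword, who))
    return findings


# Constructed sample of an /etc/openldap/ldap.conf with the mistake in it.
SAMPLE = """\
# constructed sample, not taken from the thread
URI ldap://ldap.example.org
BASE dc=example,dc=org
binddn cn=proxy,dc=example,dc=org
bindpw CONSTRUCTED-PLACEHOLDER
pam_password exop
nss_base_passwd ou=People,dc=example,dc=org
TLS_CACERT /etc/ssl/ca.pem
"""

if __name__ == "__main__":
    for n, keyword, who in misplaced(SAMPLE, "openldap"):
        print(f"line {n}: '{keyword}' belongs to {who}, not to this file")
```

A `bindpw` finding deserves attention beyond the misconfiguration itself, since it means a bind password is sitting in a file that is normally readable by every local user.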