RE: Ldap and passwd command
Thank you! At last I have realised my mistake. Judging by the number
of posts like this it is a common one. I was looking in the openldap
ldap.conf to change PAM features in the /etc/ldap.conf! Now that this
file has the settings that I wanted it works. So simple when you know.
Seems like a good idea for applications to default to non-generic names
for files that are not generic; it would avoid this sort of confusion.
Many thanks, and apologies for the off-topic subject, I was getting
desperate!
Damon
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Harry Rüter
Sent: 23 January 2004 14:47
To: Openldap list
Subject: Re: Ldap and passwd command
Hi list,
as there is very often confusion about ldap.conf
on the list, I suggest using another name when
configuring pam_ldap/nss_ldap.
There's a configure option in nss_ldap and in pam_ldap
which is very useful:
In nss_ldap I use:
--with-ldap-conf-file=/etc/nss_ldap.conf
In pam_ldap I use:
--with-ldap-conf-file=/etc/pam_ldap.conf
And, voila, ldap.conf now *ONLY* belongs to openldap-tools;
pam_ldap/nss_ldap have their own config file.
I wish that the default in nss_ldap/pam_ldap
would do something like I did, so Luke Howard,
if you read this, what about changing it in future releases of
nss_ldap/pam_ldap?
greets Harry
Kurt D. Zeilenga wrote:
> At 01:25 AM 1/23/2004, Damon Jebb wrote:
>
>>I have now had a look at the presentation and tried for a day to find where I
>>am going wrong with this. I have also tried several times to access the padl
>>lists, without success, so please forgive my responding here rather than
>>there.
>
>
> Have you tried contacting their postmaster?
>
> I will attempt to respond to the portions of your message
> that relate directly to OpenLDAP Software. However, since
> discussing particulars of non-OpenLDAP Software is off topic
> here, I won't delve into them. (And since I actually know very
> little about the particulars of PAM LDAP, I wouldn't have much
> to say anyways.)
>
>
>>I have this in my /etc/openldap/ldap.conf
>
>
> Given the name, I'd assume here that this would be an OpenLDAP
> ldap.conf file, however, it appears that you placed (presumably)
> PAM/LDAP directives there. I suspect you confused the OpenLDAP
> Software file for their configuration file.
>
>
>>I know that the ldap.conf file is being used during the client access to the
>>ldap server because some changes to it have broken it.
>
>
> Changing /etc/openldap/ldap.conf (assuming this is the OpenLDAP
> ldap.conf) will affect all clients relying on OpenLDAP libraries
> to provide defaults, including ldapsearch(1).
>
>
>>I can see from the log file using debug level 128 that the bind is anonymous
>>not with the dn specified in the file. What am I doing wrong? When I
>>disallow anonymous bind in the slapd.conf nothing works properly.
>
>
> PAM/LDAP, I believe, has its own file for defaults/configuration.
> It's often called ldap.conf but is usually found in another
> directory.
>
> Kurt
>
>
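
A check for the mix-up discussed in this thread, as an added example that is not part of any message here: it lists directives in an OpenLDAP client ldap.conf that only pam_ldap/nss_ldap read. The function names are hypothetical, and the keyword pattern (pam_*, nss_*, rootbinddn, bindpw) is an assumed, partial list.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: pam_*, nss_*, rootbinddn and bindpw are read only by PADL
# pam_ldap/nss_ldap, not by the OpenLDAP client library; the list is partial.

# Print "line:keyword" for every PADL-only directive found in file $1.
padl_only_directives() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            key = tolower($1)
            if (key ~ /^(pam_|nss_)/ || key == "rootbinddn" || key == "bindpw")
                printf "%d:%s\n", NR, $1
        }
    ' "$1"
}

# Return 0 if $1 is clean, 1 if it holds misplaced directives, 2 if unreadable.
check_ldap_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    hits=$(padl_only_directives "$1")
    [ -z "$hits" ] && return 0
    echo "$1: directives the OpenLDAP client library does not read:" >&2
    echo "$hits" >&2
    return 1
}

# Constructed sample: an OpenLDAP ldap.conf with PAM/NSS settings added by mistake.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real configuration
URI ldap://ldap.example.com
BASE dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
pam_password exop
nss_base_passwd ou=People,dc=example,dc=com
EOF
}

# Usage: sh check.sh /etc/openldap/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_conf "$1"
fi
```

Any hit means the setting belongs in the pam_ldap/nss_ldap file (/etc/ldap.conf by default, or the path given to --with-ldap-conf-file).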