[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DNS discovery for OpenLDAP?



Quoting Buchan Milne <bgmilne@staff.telkomsa.net>:

IIRC nss_ldap by supports DNS discovery, if you omit the URI. ...
Did you mean to say that nss_ldap uses DNS discovery "by default"?  
Indeed, that is the way it seems to behave; I just ran some more  
tests, and apparently the nss_srv_domain option is not even necessary.
However, pam_ldap does not, and IMHO, shouldn't by default ...
Indeed, I can also omit the LDAP URI from /etc/pam_ldap.conf and still  
the users have no problem logging in. Kerberos is doing its job.
Now the only thing left is /etc/ldap/ldap.conf. Unfortunately, if no  
LDAP URI is included in this configuration file, most of the usual  
LDAP utilities will not work. If it includes an option like "URI  
ldap:///dc%3Dexample%2Cdc%3Dcom";, not even ldapsearch will understand.  
What's the problem here... libldap?
Thanks,

Jaap