RE: pam services under LDAP
> I have created a symlink from /etc/openldap/ldap.conf to
> /etc/ldap.conf... that seems to have gotten the majority of the system
> communicating with PAM/LDAP. I guess that making a .ldaprc file in the
> users home directory and putting those directives in there would be
> about the equivalent.
Those two files do not serve the same purpose, nor use the same options.
/etc/openldap/ldap.conf is for LDAP tools - i.e. ldapsearch, ldapmodify, etc.
Primarily only on OpenLDAP servers (and perhaps admin workstations).
/etc/ldap.conf is used by PAM.
Symlinking from one to the other won't help.
For reference, here are examples of my ldap.conf from a NON ldap server:
# /etc/ldap.conf
uri ldaps://ldap-vip.example.net
timelimit 30
bind_timelimit 30
bind_policy hard_open
base dc=example,dc=net
scope sub
ssl on
tls_checkpeer no   # note: "no" skips verification of the server certificate
tls_cacertfile /etc/openldap/cacert.pem
pam_login_attribute uid
pam_lookup_policy yes
pam_password exop
nss_base_passwd ou=people,dc=example,dc=net?one
# /etc/openldap/ldap.conf
URI ldap://ldapconsole.example.net/
BASE " dc=example,dc=net"
TLS_CACERTDIR /etc/openldap/cacerts
On the box I pulled these from, the latter file is never used - nor will it even work.
If that line is a pam config directive, it belongs in /etc/ldap.conf.
If you keep straight what you're working on, it will likely help.
- chris
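A small checker, added here as an example and not part of the original post, that parses a file in the format shown above, reports directives that belong in the other ldap.conf, and flags the tls_checkpeer setting from the sample. The directive names come from the two files quoted in the post; the split into "pam_ldap-only" and "OpenLDAP-client-only" is an assumption made for this checker, and the samples are constructed from the post.

```python
# Directive names taken from the two files in the post; the pam-only / OpenLDAP-only
# split is this checker's assumption, not a complete list from either manual page.
PAM_ONLY = {"timelimit", "bind_timelimit", "bind_policy", "scope", "ssl", "tls_checkpeer",
            "tls_cacertfile", "pam_login_attribute", "pam_lookup_policy", "pam_password",
            "nss_base_passwd"}
OPENLDAP_ONLY = {"tls_cacertdir"}
SHARED = {"uri", "base"}   # same spelling (case aside) in both files


def parse_ldap_conf(text):
    """Yield (key, value) for each non-blank, non-comment line; keys are lower-cased."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        yield key, value


def audit_ldap_conf(text, target):
    """target is 'pam' (/etc/ldap.conf) or 'openldap' (/etc/openldap/ldap.conf).
    Returns a list of (severity, message) findings."""
    findings = []
    wrong_set = OPENLDAP_ONLY if target == "pam" else PAM_ONLY
    for key, value in parse_ldap_conf(text):
        if key in wrong_set:
            findings.append(("misplaced", f"{key} belongs in the other ldap.conf"))
        elif key not in PAM_ONLY | OPENLDAP_ONLY | SHARED:
            findings.append(("unknown", f"{key} not in this checker's directive list"))
        # The weak setting from the post's own sample: the server cert is not verified.
        if key == "tls_checkpeer" and value.lower() == "no":
            findings.append(("weak", "tls_checkpeer no: server certificate is not verified"))
    return findings


# Constructed samples, taken from the two files quoted in the post.
PAM_SAMPLE = """\
uri ldaps://ldap-vip.example.net
ssl on
tls_checkpeer no
tls_cacertfile /etc/openldap/cacert.pem
pam_password exop
nss_base_passwd ou=people,dc=example,dc=net?one
"""
OPENLDAP_SAMPLE = """\
URI ldap://ldapconsole.example.net/
BASE " dc=example,dc=net"
TLS_CACERTDIR /etc/openldap/cacerts
"""

if __name__ == "__main__":
    for sev, msg in audit_ldap_conf(PAM_SAMPLE, "pam") + audit_ldap_conf(OPENLDAP_SAMPLE, "pam"):
        print(sev, msg)
```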