Michael Ströder wrote:
> Rodney Simioni wrote:
>> /etc/openldap/ldap.conf # this config file is openldap server's ldap config file?
>
> No, it's an LDAP client config. Most likely for OpenLDAP ldap* command-line tools but sometimes also for other components.
>
>> /etc/ldap.conf # This config file is for ldap's clients?
>
> Sometimes it's used for LDAP clients like pam_ldap, sudo-ldap etc. It also might affect the behaviour of clients implemented in a scripting language which uses OpenLDAP client libs through C wrapper modules (like php-ldap, python-ldap, etc.)

Not quite. There is no specific config file for OpenLDAP command line tools. The /etc/openldap/ldap.conf is a config for libldap, and as such it affects everything that uses libldap - command line tools, scripting modules, whatever.
/etc/ldap.conf was used by pam_ldap/nss_ldap, certainly. Possibly by some other things too, and yes it's a mess. pam_ldap/nss_ldap are now obsolete/unmaintained. You should be using nssov or nss-pam-ldapd now, and neither of them use /etc/ldap.conf.
The way various software and distributions deal with ldap.conf in several directories is a mess and entirely depends on how the software author / Linux distributor built the client software.
--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/