Model clarification - was: RE: Fedora LDAP authentication failure

Nalin Dahyabhai nalin at redhat.com
Fri Nov 12 23:25:34 UTC 2004


On Thu, Nov 11, 2004 at 12:11:22PM -0800, Jed Donnelley wrote:
> I thought I'd take this opportunity to clarify my understanding of the model
> used by some of this LDAP software.
> 
> My understanding is that the distinction between the above two mentioned
> ldap.conf files is that:
> 
> /etc/openldap/ldap.conf  is the configuration for the openldap *server*

The /etc/openldap/ldap.conf file contains default settings used by
libldap, and by extension all applications which use libldap, such as
ldapsearch.  Most applications provide some way of letting you specify
these settings directly, so you can frequently get away with not
modifying this file.

> and
> 
> /etc/ldap.conf  is the configuration for ldap *client* access, including
>                       PAM and the NSS libraries.

The /etc/ldap.conf file is used exclusively by nss_ldap and pam_ldap (in
addition to /etc/openldap/ldap.conf, because both of them link with
libldap).  An unfortunate choice of filename, I think, but at this point
I think attempting to change it would just confuse things further.

A consequence of this mix is that many settings you would set in
/etc/openldap/ldap.conf can be set (or overridden) for nss_ldap and
pam_ldap in /etc/ldap.conf.

HTH,

Nalin
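The layering described in the reply above, as an added example that is not part of the original message: a small Python script that reads both files and reports which source each option comes from as nss_ldap and pam_ldap would see it. The sample file contents are constructed, and the script assumes that an option with the same name (compared case-insensitively) means the same setting in both files, which the message says holds for many settings, not all.

```python
"""Show which ldap.conf a setting comes from for nss_ldap/pam_ldap (added example)."""

LIBLDAP_CONF = "/etc/openldap/ldap.conf"   # libldap defaults, used by every libldap client
NSS_PAM_CONF = "/etc/ldap.conf"            # read only by nss_ldap and pam_ldap

# Constructed sample contents, so the script runs without touching the real files.
LIBLDAP_SAMPLE = """\
# libldap defaults
URI ldap://ldap1.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
"""
NSS_PAM_SAMPLE = """\
# nss_ldap / pam_ldap settings
uri ldaps://ldap2.example.com
base dc=example,dc=com
ssl start_tls
"""

def parse_conf(text):
    """Parse 'option value' lines, skipping blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Assumption: if an option repeats within one file, the last line is kept.
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def effective_view(libldap_text, nss_pam_text):
    """Return {option: (value, source_file)} as seen by nss_ldap and pam_ldap."""
    view = {k: (v, LIBLDAP_CONF) for k, v in parse_conf(libldap_text).items()}
    view.update({k: (v, NSS_PAM_CONF) for k, v in parse_conf(nss_pam_text).items()})
    return view

def shadowed(libldap_text, nss_pam_text):
    """Options set in both files with different values: (libldap value, override)."""
    base, over = parse_conf(libldap_text), parse_conf(nss_pam_text)
    return {k: (base[k], over[k]) for k in base.keys() & over.keys() if base[k] != over[k]}

if __name__ == "__main__":
    for opt, (value, src) in sorted(effective_view(LIBLDAP_SAMPLE, NSS_PAM_SAMPLE).items()):
        print(f"{opt:15} {value:35} from {src}")
    for opt, (old, new) in shadowed(LIBLDAP_SAMPLE, NSS_PAM_SAMPLE).items():
        print(f"differs: {opt}: ldapsearch and other libldap tools use {old!r}, "
              f"nss_ldap/pam_ldap use {new!r}")
```

An option reported as differing is a common reason ldapsearch succeeds against one server while logins through PAM talk to another, or use a different TLS setting.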




More information about the Pam-list mailing list