[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Model clarification - was: RE: Fedora LDAP authentication failure



On Thu, Nov 11, 2004 at 12:11:22PM -0800, Jed Donnelley wrote:
> I thought I'd take this opportunity to clarify my understanding of the model
> used by some of this LDAP software.
> 
> My understanding is that the distinction between the above two mentioned
> ldap.conf files is that:
> 
> /etc/openldap/ldap.conf  is the configuration for the openldap *server*

The /etc/openldap/ldap.conf file contains default settings used by
libldap, and by extension all applications which use libldap, such as
ldapsearch.  Most applications provide some way of letting you specify
these settings directly, so you can frequently get away with not
modifying this file.

> and
> 
> /etc/ldap.conf  is the configuration for ldap *client* access, including
>                       PAM and the NSS libraries.

The /etc/ldap.conf file is used exclusively by nss_ldap and pam_ldap (in
addition to /etc/openldap/ldap.conf, because both of them link with
libldap).  An unfortunate choice of filename, I think, but at this point
I think attempting to change it would just confuse things further.

A consequence of this mix is that many settings you would set in
/etc/openldap/ldap.conf can be set (or overridden) for nss_ldap and
pam_ldap in /etc/ldap.conf.

HTH,

Nalin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]