[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam search

To: Geoff Hibble <ghibble@LastFoot.com>
Subject: Re: pam search
From: David J N Begley <david@avarice.nepean.uws.edu.au>
Date: Fri, 6 Aug 1999 14:10:13 +1000 (EST)
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>, support@padl.com
In-reply-to: <37A9E5D7.84DA1AB1@LastFoot.com>

On Thu, 5 Aug 1999, Geoff Hibble wrote:

> Date: Thu, 05 Aug 1999 13:28:23 -0600
> From: Geoff Hibble <ghibble@LastFoot.com>
> To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
> Cc: support@padl.com
> Subject: pam search

[ Discussions regarding PADL's PAM/NSS LDAP modules are best conducted on the
  ldap-nis mailing list (see the ANNOUNCE file in the NSS package). ]

> What is the effect on performance of having a large ldap DIT and pam
> pointing to the root?

Slower lookup times;  how slower, "depends".

> Is it possible that LDAP may search all the hardware and software "ou"s
> and then "people" finding "uid=ghibble" last?

Possible?  I guess so.

> Is it possible to tell pam_ldap just to search "people".

Yes - add "people" to the base DN for searches in "/etc/ldap.conf" (ie., as
far as the PAM/NSS modules are concerned, "people" would be a standard part of
your base DN).

> Is this the same for nss_ldap?

Yes.

dave

Follow-Ups:
- Re: pam search
  - From: Geoff Hibble <ghibble@LastFoot.com>

References:
- pam search
  - From: Geoff Hibble <ghibble@LastFoot.com>

Prev by Date: Re: -W not working anymore
Next by Date: Re: Hmm..
Index(es):
- Chronological
- Thread