[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: understanding ldap



Howard Chu wrote:
> Michael Ströder wrote:
>> Rodney Simioni wrote:
>>> /etc/openldap/ldap.conf  # this config file is openldap server's ldap
>>> config file?
>>
>> No, it's a LDAP client config.  Mostly likely for OpenLDAP ldap* command-line
>> tools but sometimes also for other components.
>>
>>> /etc/ldap.conf # This config file is for ldap's clients?
>>
>> Sometimes it's used for LDAP clients like pam_ldap, sudo-ldap etc. It also
>> might affect the behaviour of clients implement in a scripting language which
>> uses OpenLDAP client libs through C wrapper modules (like php-ldap,
>> python-ldap, etc.)
> 
> Not quite. There is no specific config file for OpenLDAP command line tools.
> The /etc/openldap/ldap.conf is a config for libldap, and as such it affects
> everything that uses libldap - command line tools, scripting modules, whatever.

Just to add:
Some applications (e.g. web2ldap) turn off processing ldap.conf by setting env
var LDAPNOINIT=1 to prevent side effects to application configuration.

> [..] and yes it's a mess.

Especially since some software adds other configuration non-OpenLDAP
directives (e.g. sudo-ldap). So even for me it's sometimes hard to sort out
which file/directive affects what...

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature