
Re: Newbie with a base suffix searching problem



Luke Howard wrote:
> I'm happy (although not keen) to make the necessary modifications to
> pam_ldap and nss_ldap to support OpenLDAP's ldap.conf syntax.

Luke, it is not our intention to supplant your configuration file.
OpenLDAP ldap.conf is meant to be separate and distinct from your
application's configuration file.   It should also be noted that,
though similar, our file serves a different purpose than yours.
Our ldap.conf file is used to specify library defaults for all
applications, whereas your file is used to configure specific
applications.

OpenLDAP configuration files are designed to be installed in a
separate directory from other system files (including those of applications
that might use OpenLDAP).  Our configuration scripts attempt to use the
subdirectory 'openldap' in whatever autoconf determines as the
$sysconfdir (usually /usr/local/etc).  Our configure script allows
users to change this to meet their needs.  If they choose to mix
software packages then they suffer with whatever conflicts they might
cause.

> I agree that putting bind information in a configuration file isn't a
> particularly good idea, but I'm not convinced a separate, world-unreadable
> file is the solution.

It would be pretty easy to implement ACLs which used UID information
fetched with RFC1423 (pidentd())...

> Unfortunately, IRIX and, I think, Solaris 8, use a configuration file with
> the same name. I suppose we'll just have to live with it. AFAIK, nss_ldap
> was there first :-)

Which is one of the reasons we opted to put OpenLDAP configuration files
into a package-specific subdirectory (.../openldap).

Kurt
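
Added example, not part of the original message and not code from OpenLDAP, pam_ldap or nss_ldap: a small audit for the concern raised in the thread about bind information sitting in a configuration file that other users can read. The directive names `binddn` and `bindpw`, the function names and the sample file are assumptions made for this illustration.

```python
import os
import stat
import tempfile

# Assumed directive names (pam_ldap/nss_ldap-style); the thread does not list them.
CREDENTIAL_KEYS = {"binddn", "bindpw"}

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sample file
host ldap.example.com
base dc=example,dc=com
binddn cn=proxy,dc=example,dc=com
bindpw not-a-real-secret
"""

def find_credentials(text):
    """Return (line_number, key) per bind directive; values are never returned."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        key = line.split(None, 1)[0].lower()  # directives are matched case-insensitively
        if key in CREDENTIAL_KEYS:
            hits.append((n, key))
    return hits

def audit(path):
    """Return one finding per bind directive if the file is world-readable."""
    st = os.stat(path)
    if not st.st_mode & stat.S_IROTH:
        return []  # not readable by "other": nothing to report
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = find_credentials(fh.read())
    mode = stat.S_IMODE(st.st_mode)
    return [f"{path}:{n}: {key} in world-readable file (mode {mode:04o})"
            for n, key in hits]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "ldap.conf")
        with open(conf, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(conf, 0o644)
        print("\n".join(audit(conf)) or "no findings")
```
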