[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam search

On Thu, 5 Aug 1999, Geoff Hibble wrote:

> Date: Thu, 05 Aug 1999 13:28:23 -0600
> From: Geoff Hibble <ghibble@LastFoot.com>
> To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
> Cc: support@padl.com
> Subject: pam search

[ Discussions regarding PADL's PAM/NSS LDAP modules are best conducted on the
  ldap-nis mailing list (see the ANNOUNCE file in the NSS package). ]

> What is the effect on performance of having a large ldap DIT and pam
> pointing to the root?

Slower lookup times;  how slower, "depends".

> Is it possible that LDAP may search all the hardware and software "ou"s
> and then "people" finding "uid=ghibble" last?

Possible?  I guess so.

> Is it possible to tell pam_ldap just to search "people".

Yes - add "people" to the base DN for searches in "/etc/ldap.conf" (ie., as
far as the PAM/NSS modules are concerned, "people" would be a standard part of
your base DN).

> Is this the same for nss_ldap?