[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ldap and passwd command

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Ldap and passwd command
From: Harry Rüter <harry_rueter@gmx.de>
Date: Fri, 23 Jan 2004 15:46:31 +0100
In-reply-to: <6.0.1.1.0.20040123052518.03f80c88@127.0.0.1>
References: <Pine.LNX.4.44.0401211220561.15427-100000@estate1.whitemice.org> <200401230925.19681.list@damonjebb.net> <6.0.1.1.0.20040123052518.03f80c88@127.0.0.1>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.6) Gecko/20040113

Hi list,

as there are very often confusions about ldap.conf
in the list i suggest to use another name when
configuring pam_ldap/nss_ldap.

There's a configure-option in nss_ldap and in pam_ldap
which is very useful :

In nss_ldap i use :
--with-ldap-conf-file=/etc/nss_ldap.conf

In pam_ldap i use :
--with-ldap-conf-file=/etc/pam_ldap.conf

And , voila, ldap.conf now *ONLY" belongs to openldap-tools
pam_ldap/nss_ldap have their own config-file.

I wished that the default in nss_ldap/pam_ldap would
would do something like i did, so Luke Howard,
if you read this what about changing it in future releases of
nss_ldap/pam_ldap ?


greets Harry

Kurt D. Zeilenga schrieb:

At 01:25 AM 1/23/2004, Damon Jebb wrote:
I have now had a look at the presentation and tried for a day to find where I am going wrong with this. I have also tried several times to access the padl lists, without success, so please forgive my responding here rather than there.
Have you tried contacting their postmaster?
I will attempt to respond to the portions of your message
that relate directly to OpenLDAP Software.  However, since I
discussing particulars of non-OpenLDAP Software is off topic
here, I won't delve into them.  (And since I actually know very
little about the particulars of PAM LDAP, I wouldn't have much
to say anyways.)
I have this in my /etc/openldap/ldap.conf
Given the name, I'd assume here that this would a OpenLDAP
ldap.conf file, however, it appears that you placed (presumably)
PAM/LDAP directives there.  I suspect you confused the OpenLDAP
Software file for their configuration file.
I know that the ldap.conf file is being used during the client access to the ldap server because some changes to it have broken it.
Changing /etc/openldap/ldap.conf (assuming this is the OpenLDAP
ldap.conf) will affect all clients relying on OpenLDAP libraries
to provide defaults, including ldapsearch(1).
I can see from the log file using debug level 128 that the bind is anonymous not with the dn specified in the file. What am I doing wrong? When I disallow anonymous bind in the slapd.conf nothing works properly.
PAM/LDAP, I believe, has its own file for defaults/configuration.
It's often called ldap.conf but is usually is found in another
directory.
Kurt

Follow-Ups:
- RE: Ldap and passwd command
  - From: "Damon Jebb" <list@damonjebb.net>

References:
- Re: Ldap and passwd command
  - From: Adam Williams <awilliam@whitemice.org>
- Re: Ldap and passwd command
  - From: Damon Jebb <list@damonjebb.net>
- Re: Ldap and passwd command
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: SUDO in LDAP
Next by Date: Re: rootdn DN is invalid.
Index(es):
- Chronological
- Thread