Re: BINDDN in ldap.conf

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Saturday, July 24, 2004 12:22 PM -0700 Craig White 
<craigwhite@azapple.com> wrote:

> On Sat, 2004-07-24 at 02:13, Tony Earnshaw wrote:
> > fre, 23.07.2004 kl. 21.02 skrev Howard Chu:
> >
> > > And prior to that, it describes the difference between system-wide and
> > > user config files.
> >
> > Thanks :) "'man ldapconf', search for user" would have been sufficient.
> >
> > > No amount of documentation will make up for people who don't read it,
> > > and people who skim are more likely to miss even more as the volume of
> > > documentation increases.
> ---
> you are assuming that those who read that, understood what the context
> of 'user' was - I most assuredly did not until now. Unfortunately, many
> of use don't come from UNIX backgrounds and though pick up on many
> things, some things which seem basic to you guys elude us for some time.
>
> I am one of those idiots that never understood that BINDPW in ldap.conf
> didn't work. In fact, the default /etc/ldap.conf on every Red Hat system
> that I have looked at actually references the variable - which leads the
> unwashed like me to believe that it might actually work. I don't know if
> that variable comes from (or came from) the openldap client
> /openldap.com but I would bet that it does.

That's because there are two ldap.conf's in existence -- One for OpenLDAP, 
and one for pam_ldap or nss_ldap.  It came from PADL (http://www.padl.com) 
not OpenLDAP.org.  So, it does work, when combined with the right piece of 
software.  The issue is knowing what the right piece of software is. 
Perhaps RedHat would be more helpful if they put documentation in the 
ldap.conf file that said something like:

# ldap.conf for nss_ldap and pam_ldap configuration

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html