
Re: BINDDN in ldap.conf

--On Saturday, July 24, 2004 12:22 PM -0700 Craig White <craigwhite@azapple.com> wrote:

On Sat, 2004-07-24 at 02:13, Tony Earnshaw wrote:
Fri, 23.07.2004 at 21.02, Howard Chu wrote:

> And prior to that, it describes the difference between system-wide and
> user config files.

Thanks :) "'man ldapconf', search for user" would have been sufficient.

> No amount of documentation will make up for people who don't read it,
> and people who skim are more likely to miss even more as the volume of
> documentation increases.
You are assuming that those who read that understood what the context
of 'user' was - I most assuredly did not until now. Unfortunately, many
of us don't come from UNIX backgrounds and, though we pick up on many
things, some things which seem basic to you guys elude us for some time.

I am one of those idiots that never understood that BINDPW in ldap.conf
didn't work. In fact, the default /etc/ldap.conf on every Red Hat system
that I have looked at actually references the variable - which leads the
unwashed like me to believe that it might actually work. I don't know if
that variable comes from (or came from) the openldap client
/openldap.com but I would bet that it does.

That's because there are two ldap.conf's in existence -- one for OpenLDAP, and one for pam_ldap or nss_ldap. It came from PADL (http://www.padl.com), not OpenLDAP.org. So, it does work, when combined with the right piece of software. The issue is knowing what the right piece of software is. Perhaps Red Hat would be more helpful if they put documentation in the ldap.conf file that said something like:

# ldap.conf for nss_ldap and pam_ldap configuration


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html