[Date Prev][Date Next]
Re: DNS discovery for OpenLDAP?
Quoting Buchan Milne <email@example.com>:
IIRC nss_ldap by supports DNS discovery, if you omit the URI. ...
Did you mean to say that nss_ldap uses DNS discovery "by default"?
Indeed, that is the way it seems to behave; I just ran some more
tests, and apparently the nss_srv_domain option is not even necessary.
However, pam_ldap does not, and IMHO, shouldn't by default ...
Indeed, I can also omit the LDAP URI from /etc/pam_ldap.conf and still
the users have no problem logging in. Kerberos is doing its job.
Now the only thing left is /etc/ldap/ldap.conf. Unfortunately, if no
LDAP URI is included in this configuration file, most of the usual
LDAP utilities will not work. If it includes an option like "URI
ldap:///dc%3Dexample%2Cdc%3Dcom", not even ldapsearch will understand.
What's the problem here... libldap?