
Re: DNS discovery for OpenLDAP?

Quoting Buchan Milne <bgmilne@staff.telkomsa.net>:

IIRC nss_ldap by supports DNS discovery, if you omit the URI. ...

Did you mean to say that nss_ldap uses DNS discovery "by default"? Indeed, that is the way it seems to behave; I just ran some more tests, and apparently the nss_srv_domain option is not even necessary.

However, pam_ldap does not, and IMHO, shouldn't by default ...

Indeed, I can also omit the LDAP URI from /etc/pam_ldap.conf and still the users have no problem logging in. Kerberos is doing its job.

Now the only thing left is /etc/ldap/ldap.conf. Unfortunately, if no LDAP URI is included in this configuration file, most of the usual LDAP utilities will not work. If it includes an option like "URI ldap:///dc%3Dexample%2Cdc%3Dcom", not even ldapsearch will understand. What's the problem here... libldap?
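
An added example, not part of the original message and not code from nss_ldap or libldap: how a host-less URI such as the one quoted above maps to a DNS SRV query name (`_ldap._tcp.<domain>`, RFC 2782) and how the answers can be ordered. The function names and the SRV records are constructed for illustration, and the weight handling is a deterministic simplification of RFC 2782's weighted random selection.

```python
from urllib.parse import urlsplit, unquote


def dn_to_domain(dn):
    """Map a DN made only of dc= RDNs to a DNS domain (dc=example,dc=com -> example.com)."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        # Any RDN that is not dc=<label> has no DNS equivalent, so refuse it
        # instead of silently querying a different domain.
        if not sep or attr.strip().lower() != "dc" or not value.strip():
            raise ValueError(f"cannot map RDN {rdn!r} to a DNS label")
        labels.append(value.strip().lower())
    return ".".join(labels)


def srv_name_from_uri(uri):
    """Turn ldap:///<percent-encoded DN> into the SRV owner name to query."""
    parts = urlsplit(uri)
    if parts.scheme != "ldap" or parts.netloc:
        raise ValueError("expected a host-less ldap:///<dn> URI")
    dn = unquote(parts.path.lstrip("/"))  # %3D -> '=', %2C -> ','
    return "_ldap._tcp." + dn_to_domain(dn)


def order_srv(records):
    """Order (priority, weight, port, target) tuples: lowest priority first,
    then highest weight (simplified). A target of '.' means 'no service'."""
    usable = [r for r in records if r[3] != "."]
    return sorted(usable, key=lambda r: (r[0], -r[1]))


# Constructed sample data: what a resolver might return for the SRV query.
SAMPLE_SRV = [
    (10, 0, 389, "ldap2.example.com."),
    (0, 50, 389, "ldap1.example.com."),
    (0, 100, 389, "ldap0.example.com."),
    (20, 0, 0, "."),
]

if __name__ == "__main__":
    print(srv_name_from_uri("ldap:///dc%3Dexample%2Cdc%3Dcom"))
    for prio, weight, port, target in order_srv(SAMPLE_SRV):
        print(f"ldap://{target.rstrip('.')}:{port}  (priority {prio}, weight {weight})")
```

The server names obtained this way come from DNS, so a client that connects to them should still authenticate the server (TLS certificate validation or Kerberos) rather than trust the lookup result on its own.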