[Date Prev][Date Next]
Re: understanding ldap
Michael Ströder wrote:
Rodney Simioni wrote:
/etc/openldap/ldap.conf # this config file is openldap server's ldap
No, it's a LDAP client config. Mostly likely for OpenLDAP ldap* command-line
tools but sometimes also for other components.
/etc/ldap.conf # This config file is for ldap's clients?
Sometimes it's used for LDAP clients like pam_ldap, sudo-ldap etc. It also
might affect the behaviour of clients implement in a scripting language which
uses OpenLDAP client libs through C wrapper modules (like php-ldap,
Not quite. There is no specific config file for OpenLDAP command line tools.
The /etc/openldap/ldap.conf is a config for libldap, and as such it affects
everything that uses libldap - command line tools, scripting modules, whatever.
/etc/ldap.conf was used by pam_ldap/nss_ldap, certainly. Possibly by some
other things too, and yes it's a mess. pam_ldap/nss_ldap are now
obsolete/unmaintained. You should be using nssov or nss-pam-ldapd now, and
neither of them use /etc/ldap.conf.
The way various software and distributions deal with ldap.conf in several
directories is a mess and entirely depends on how the software author / Linux
distributor built the client software.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/