
Re: understanding ldap



Michael Ströder wrote:
> Rodney Simioni wrote:
>> /etc/openldap/ldap.conf  # this config file is openldap server's ldap config file?
>
> No, it's an LDAP client config.  Most likely for OpenLDAP ldap* command-line
> tools but sometimes also for other components.
>
>> /etc/ldap.conf # This config file is for ldap's clients?
>
> Sometimes it's used for LDAP clients like pam_ldap, sudo-ldap etc. It also
> might affect the behaviour of clients implemented in a scripting language which
> use OpenLDAP client libs through C wrapper modules (like php-ldap,
> python-ldap, etc.)

Not quite. There is no specific config file for OpenLDAP command line tools. The /etc/openldap/ldap.conf is a config for libldap, and as such it affects everything that uses libldap - command line tools, scripting modules, whatever.

/etc/ldap.conf was used by pam_ldap/nss_ldap, certainly. Possibly by some other things too, and yes it's a mess. pam_ldap/nss_ldap are now obsolete/unmaintained. You should be using nssov or nss-pam-ldapd now, and neither of them use /etc/ldap.conf.

> The way various software and distributions deal with ldap.conf in several
> directories is a mess and entirely depends on how the software author / Linux
> distributor built the client software.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
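
Added example (not part of the original message and not OpenLDAP project code): a Python sketch of the lookup order documented in ldap.conf(5), reporting which file or environment variable supplies each libldap setting for a given process. The system path constant is an assumed compile-time default, and the function names are illustrative.

```python
import os

# Assumption: the compiled-in system path; distributions build libldap differently.
SYSTEM_CONF = "/etc/openldap/ldap.conf"

def candidate_files(env, home, cwd, system_conf=SYSTEM_CONF):
    """Files libldap consults, in ldap.conf(5) order (later overrides earlier)."""
    if "LDAPNOINIT" in env:          # disables all default initialisation
        return []
    def user_files(name):
        return [os.path.join(home, name), os.path.join(home, "." + name),
                os.path.join(cwd, name)]
    paths = [system_conf] + user_files("ldaprc")
    if env.get("LDAPCONF"):          # absolute, or relative to the working directory
        paths.append(os.path.join(cwd, env["LDAPCONF"]))
    if env.get("LDAPRC"):            # basename looked up in $HOME and the cwd
        paths += user_files(env["LDAPRC"])
    return paths

def parse_conf(path):
    """Parse 'OPTION value' lines; option names are case-insensitive."""
    settings = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            if line.startswith("#"):  # comments start in the first column
                continue
            parts = line.split(None, 1)
            if len(parts) == 2:
                settings[parts[0].upper()] = parts[1].strip()
    return settings

def effective_settings(env, home, cwd, system_conf=SYSTEM_CONF):
    """Return {OPTION: (value, source)} for a process with this environment."""
    merged = {}
    for path in candidate_files(env, home, cwd, system_conf):
        if os.path.isfile(path):
            for option, value in parse_conf(path).items():
                merged[option] = (value, path)
    if "LDAPNOINIT" not in env:
        # LDAP<OPTION> variables come last. Simplification: libldap only
        # honours names of options it knows; this sketch does not filter.
        for name, value in env.items():
            if name.startswith("LDAP") and name not in ("LDAPCONF", "LDAPRC"):
                merged[name[4:].upper()] = (value, "env:" + name)
    return merged

if __name__ == "__main__":
    found = effective_settings(os.environ, os.path.expanduser("~"), os.getcwd())
    for option, (value, source) in sorted(found.items()):
        print(f"{option:15} {value}   <- {source}")
```

Run it as the account and from the working directory of the client being checked, since the user files and environment variables differ per process.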