[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different approaches to setup ldap client

On 26.11.2013 16:27, slacker lnx wrote:
> Hello,
> I have a few ldap clients which were set up by my previous sys-admin.
> 1. In some of the servers I see that the configuration is done in
> /etc/pam_ldap.conf, /etc/nslcd.conf and there is a nslcd process running on
> the clients.
> 2. On other servers I find that there is only an /etc/ldap.conf and there
> are no nslcd process running.
> The configuration values in both the approaches are the same.
> Are there two different ways to setup an ldap client. I would like to
> understand both these approaches. In the second approach is there some
> other process which does the ldap lookup?
> Can someone share links to docs related to both the installation steps.
> Thanks


in the cases with /etc/pam_ldap.conf, /etc/libnss_ldap.conf,
/etc/ldap.conf and the like, with no daemon running, the system is very
likely using PADL's nss_ldap [1] and pam_ldap [2] libs. In case of
/etc/nslcd.conf and a running daemon, it's using nss-pam-ldapd [3]
which, as you'll read on the website, started out as a fork of nss_ldap.

In your first case, they probably switched from pam_/nss_ldap to nslcd
and didn't clean up the old config. Possibly because pam_/nss_ldap made
problems [4].

Another option would be sssd [5]. Dunno if there are more for Linux.

Chrisitan Manal

[1] <http://www.padl.com/OSS/nss_ldap.html>
[2] <http://www.padl.com/OSS/pam_ldap.html>
[3] <http://arthurdejong.org/nss-pam-ldapd/>
[4] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579647>
[5] <https://fedorahosted.org/sssd/>