tech-pkg archive
Re: {,pam_,nss_}ldap.conf
> It looks like security/pam_ldap and databases/nss_ldap have recently been
> changed to share a single config (ldap.conf) instead of separate ones
> (pam_ldap.conf/nss_ldap.conf).
>
> I have two problems with this:
>
> 1. Upgrading nearly made my test server unusable. Upgrading nss_ldap will
> install a default ldap.conf which doesn't match local requirements. If I
> hadn't had a root shell open, I would have had to fix it by rebooting via
> ddb and going single user (because sudo kicks me off with "who are you").
>
> 2. The two files share/examples/pam-ldap/ldap.conf and
> share/examples/nss_ldap/ldap.conf differ. So I have to merge manually to get
> a template for a config that I then can adapt to local requirements.
>
> Is this intentional? Am I missing something?

Yes, this is intentional; nss_ldap and pam_ldap provide the same base options,
and their specific options are prefixed with nss_ and pam_ respectively. I
guess the author's idea was to integrate with OpenLDAP's ldap.conf, but our
(pkgsrc) OpenLDAP installs ldap.conf in etc/openldap.

The benefit of this approach is, for example: when your server's parameters have
changed, you only have to edit one configuration file.

Kind regards,
Adam
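
Added example, not part of the original thread and not pkgsrc code: a sketch of the manual merge discussed above, combining the two example templates into one ldap.conf and flagging shared base options whose values differ instead of silently choosing one. The template contents, hostnames and function names are constructed for illustration.

```python
# Added example; both templates are constructed samples, not the packaged files.
NSS_TEMPLATE = """\
# stands in for share/examples/nss_ldap/ldap.conf
uri ldap://ldap.example.org/
base dc=example,dc=org
ldap_version 3
nss_base_passwd ou=People,dc=example,dc=org?one
nss_base_group ou=Group,dc=example,dc=org?one
"""
PAM_TEMPLATE = """\
# stands in for share/examples/pam-ldap/ldap.conf
uri ldap://127.0.0.1/
base dc=example,dc=org
pam_filter objectclass=posixAccount
pam_login_attribute uid
"""

def parse(text):
    """Yield (key, value) pairs, skipping blank lines and # comments."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def merge(nss_text, pam_text):
    """Return (merged_lines, conflicts) for one shared ldap.conf."""
    base, specific, conflicts = {}, [], {}
    for source, text in (("nss_ldap", nss_text), ("pam_ldap", pam_text)):
        for key, value in parse(text):
            if key.startswith(("nss_", "pam_")):
                # Module-specific options may repeat; keep each distinct line.
                if (key, value) not in specific:
                    specific.append((key, value))
            elif key not in base:
                base[key] = (source, value)
            elif base[key][1] != value:
                # Shared option with two different values: do not pick one silently.
                conflicts[key] = {base[key][0]: base[key][1], source: value}
    lines = []
    for key, (_, value) in base.items():
        if key in conflicts:
            lines.append(f"# CONFLICT {key}: {conflicts[key]}")
        else:
            lines.append(f"{key} {value}")
    lines += [f"{k} {v}" for k, v in specific]
    return lines, conflicts

if __name__ == "__main__":
    merged, conflicts = merge(NSS_TEMPLATE, PAM_TEMPLATE)
    print("\n".join(merged))
    print("unresolved:", sorted(conflicts))
```

A non-empty conflict set means the merged file still needs a local decision before it replaces the installed ldap.conf.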