[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
> It looks like security/pam_ldap and databases/nss_ldap have recently been
> changed to share a single config (ldap.conf) instead of seperate ones
> I have two problems with this:
> 1. Upgrading nearly made my test server unusable. Upgrading nss_ldap will
> install a default ldap.conf which doesn't match local requirements. If I
> wouldn't have had a root shell open, I would have had to fix by rebooting via
> ddb and going single user (because sudo kicks me off with "who are you").
> 2. The two files share/examples/pam-ldap/ldap.conf and
> share/examples/nss_ldap/ldap.conf differ. So I have to merge manually to get
> a template for a config that I then can adapt to local requirements.
> Is this intentional? Am I missing something?
Yes, this is intentional; nss_ldap and pam_ldap provide the same base options,
and their specific options are prefixed with nss_ and pam_ respectively. I
guess the author's idea was to integrate with OpenLDAP's ldap.conf, but our
(pkgsrc) OpenLDAP installs ldap.conf in etc/openldap.
The benefit of this approach is, for example: when your server's parameters has
changed, you have only to edit one configuration file.
Main Index |
Thread Index |