Re: {,pam_,nss_}ldap.conf

> It looks like security/pam_ldap and databases/nss_ldap have recently been 
> changed to share a single config (ldap.conf) instead of separate ones 
> (pam_ldap.conf/nss_ldap.conf).
> I have two problems with this:
> 1. Upgrading nearly made my test server unusable. Upgrading nss_ldap will 
> install a default ldap.conf which doesn't match local requirements. If I 
> hadn't had a root shell open, I would have had to fix it by rebooting via 
> ddb and going single user (because sudo kicks me off with "who are you").
> 2. The two files share/examples/pam-ldap/ldap.conf and 
> share/examples/nss_ldap/ldap.conf differ. So I have to merge manually to get 
> a template for a config that I then can adapt to local requirements.
> Is this intentional? Am I missing something?

Yes, this is intentional; nss_ldap and pam_ldap provide the same base options, 
and their specific options are prefixed with nss_ and pam_ respectively. I 
guess the author's idea was to integrate with OpenLDAP's ldap.conf, but our 
(pkgsrc) OpenLDAP installs ldap.conf in etc/openldap.

The benefit of this approach is, for example: when your server's parameters have 
changed, you only have to edit one configuration file.

Kind regards,
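
The manual merge of the two example templates raised in the quoted message can be scripted. The following is an added example, not part of the original thread or of pkgsrc: it combines two ldap.conf-style files and reports options the two set differently instead of silently picking one. The sample file contents and the function names are constructed for illustration.

```python
# Constructed sample templates (not the real pkgsrc example files).
NSS_EXAMPLE = """\
uri ldap://ldap.example.org/
base dc=example,dc=org
ldap_version 3
bind_policy soft
nss_base_passwd ou=People,dc=example,dc=org
nss_base_group ou=Group,dc=example,dc=org
"""
PAM_EXAMPLE = """\
# comment lines and blank lines are skipped
uri ldap://ldap.example.org/
base dc=padl,dc=com
ldap_version 3
pam_password exop
pam_filter objectclass=posixAccount
"""

def parse(text):
    """Map each active option to its list of values (an option may repeat)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # assumption: option names compared case-insensitively
        opts.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return opts

def merge(nss_text, pam_text):
    """Return (merged, conflicts); conflicting options are left for the admin."""
    nss, pam = parse(nss_text), parse(pam_text)
    merged, conflicts = {}, {}
    for key in list(nss) + [k for k in pam if k not in nss]:
        a, b = nss.get(key), pam.get(key)
        if a is not None and b is not None and a != b:
            conflicts[key] = (a, b)   # same option, different values
        else:
            merged[key] = a if a is not None else b
    return merged, conflicts

def render(merged):
    """Serialize the merged options back to 'option value' lines."""
    return "\n".join(f"{k} {v}" for k, vals in merged.items() for v in vals)

if __name__ == "__main__":
    merged, conflicts = merge(NSS_EXAMPLE, PAM_EXAMPLE)
    print(render(merged))
    for key, (a, b) in conflicts.items():
        print(f"# CONFLICT {key}: nss_ldap={a} pam_ldap={b}")
```

Options reported as conflicts are deliberately left out of the rendered output, so the result is a starting template to adapt to local requirements rather than a file to install as-is.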

