I have created a symlink from /etc/openldap/ldap.conf to /etc/ldap.conf... that seems to have gotten the majority of the system communicating with PAM/LDAP. I guess that making a .ldaprc file in the user's home directory and putting those directives in there would be about the equivalent.
Those two files do not serve the same purpose, nor use the same options.
/etc/openldap/ldap.conf is for ldap tools - i.e. ldapsearch, ldapmodify, etc. Primarily only on openldap servers (and perhaps admin workstations).
/etc/ldap.conf is used by pam.
Symlinking from one to the other won't help.
For reference, here are examples of my ldap.conf from a NON ldap server:
# /etc/ldap.conf
uri ldaps://ldap-vip.example.net
timelimit 30
bind_timelimit 30
bind_policy hard_open
base dc=example,dc=net
scope sub
ssl on
tls_checkpeer no
tls_cacertfile /etc/openldap/cacert.pem
pam_login_attribute uid
pam_lookup_policy yes
pam_password exop
nss_base_passwd ou=people,dc=example,dc=net?one

# /etc/openldap/ldap.conf
URI ldap://ldapconsole.example.net/
BASE " dc=example,dc=net"
TLS_CACERTDIR /etc/openldap/cacerts
On the box I pulled these from, the latter file is never used - nor will it even work.
If that line is a pam config directive, it belongs in /etc/ldap.conf.
If you keep straight what you're working on, it will likely help.
- chris
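As an added example (not part of Chris's message or of either project's code), the script below audits the two files the message contrasts: it flags a directive that belongs in the other file (for instance a pam_* option dropped into /etc/openldap/ldap.conf) and flags the settings that switch off server certificate checking, which the sample /etc/ldap.conf above does with tls_checkpeer no. The PAM_ONLY and OPENLDAP_ONLY keyword lists are assumptions: partial sets drawn from the message and from the pam_ldap/nss_ldap and OpenLDAP ldap.conf(5) documentation, and the sample files are constructed, with one directive deliberately misplaced.

```shell
#!/bin/sh
# Added example, not code from the message: audit /etc/ldap.conf (pam_ldap/nss_ldap)
# and /etc/openldap/ldap.conf (OpenLDAP client library), report directives that
# belong in the other file, and report TLS settings that disable peer verification.
# The keyword lists are assumptions: partial sets from the message and the manuals.

# Keywords only pam_ldap/nss_ldap (/etc/ldap.conf) understand.
PAM_ONLY="BIND_POLICY BIND_TIMELIMIT SSL TLS_CHECKPEER TLS_CACERTFILE ROOTBINDDN LDAP_VERSION"
# Keywords only the OpenLDAP client library (/etc/openldap/ldap.conf) understands.
OPENLDAP_ONLY="TLS_REQCERT TLS_CACERT SIZELIMIT DEREF NETWORK_TIMEOUT SASL_MECH"

# upper WORD: both parsers treat keywords case-insensitively, so compare in upper case.
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# in_list WORD LIST: succeed when WORD is one of the space-separated LIST.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# classify KEY: print pam, openldap, or either (pam_*/nss_* prefixes are pam-only).
classify() {
    k=$(upper "$1")
    case "$k" in
        PAM_*|NSS_*) echo pam; return ;;
    esac
    if in_list "$k" "$PAM_ONLY"; then echo pam
    elif in_list "$k" "$OPENLDAP_ONLY"; then echo openldap
    else echo either
    fi
}

# audit_ldap_conf FILE KIND (KIND = pam | openldap): one line per finding:
#   MISPLACED <key>    the directive belongs in the other file
#   WEAK <key> <value> the setting disables TLS peer certificate verification
audit_ldap_conf() {
    file=$1; kind=$2
    # drop comments and blank lines, then read each keyword and the rest of the line
    sed -e 's/#.*//' "$file" | while read -r key val; do
        [ -z "$key" ] && continue
        owner=$(classify "$key")
        if [ "$owner" != either ] && [ "$owner" != "$kind" ]; then
            echo "MISPLACED $key"
        fi
        uk=$(upper "$key"); uv=$(upper "$val")
        case "$uk:$uv" in
            TLS_CHECKPEER:NO|TLS_REQCERT:NEVER|TLS_REQCERT:ALLOW)
                echo "WEAK $key $val" ;;
        esac
    done
}

# demo_audit: write two constructed sample files (the pair from the message, plus a
# pam directive deliberately dropped into the OpenLDAP file) and audit both.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/ldap.conf" <<'EOF'
# constructed sample of /etc/ldap.conf (pam_ldap/nss_ldap)
uri ldaps://ldap-vip.example.net
timelimit 30
bind_timelimit 30
bind_policy hard_open
base dc=example,dc=net
scope sub
ssl on
tls_checkpeer no
tls_cacertfile /etc/openldap/cacert.pem
pam_login_attribute uid
pam_lookup_policy yes
pam_password exop
nss_base_passwd ou=people,dc=example,dc=net?one
EOF
    cat > "$d/openldap-ldap.conf" <<'EOF'
# constructed sample of /etc/openldap/ldap.conf (OpenLDAP client library)
URI ldap://ldapconsole.example.net/
BASE "dc=example,dc=net"
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT never
pam_password exop
EOF
    echo "== /etc/ldap.conf"
    audit_ldap_conf "$d/ldap.conf" pam
    echo "== /etc/openldap/ldap.conf"
    audit_ldap_conf "$d/openldap-ldap.conf" openldap
    rm -rf "$d"
}

demo_audit
```

Running it prints one WEAK finding for the pam file (tls_checkpeer no) and, for the OpenLDAP file, a WEAK finding for TLS_REQCERT never and a MISPLACED finding for the pam_password line. Keywords both parsers accept (uri, base, timelimit, tls_cacertdir) are reported as belonging to either file, which is exactly why the symlink appears to half-work.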