Michael Ströder wrote:
Rodney Simioni wrote:
/etc/openldap/ldap.conf # this config file is openldap server's ldap config file?
No, it's a LDAP client config. Mostly likely for OpenLDAP ldap* command-line tools but sometimes also for other components.
/etc/ldap.conf # This config file is for ldap's clients?
Sometimes it's used for LDAP clients like pam_ldap, sudo-ldap etc. It also might affect the behaviour of clients implement in a scripting language which uses OpenLDAP client libs through C wrapper modules (like php-ldap, python-ldap, etc.)
Not quite. There is no specific config file for OpenLDAP command line tools. The /etc/openldap/ldap.conf is a config for libldap, and as such it affects everything that uses libldap - command line tools, scripting modules, whatever.
/etc/ldap.conf was used by pam_ldap/nss_ldap, certainly. Possibly by some other things too, and yes it's a mess. pam_ldap/nss_ldap are now obsolete/unmaintained. You should be using nssov or nss-pam-ldapd now, and neither of them use /etc/ldap.conf.
The way various software and distributions deal with ldap.conf in several directories is a mess and entirely depends on how the software author / Linux distributor built the client software.