-----BEGIN PGP SIGNED MESSAGE-----
It was obvious that he was not asking "why doesn't my pam_ldap talk to my
Missing elements from the user objects is a *data* problem, it is not an interoperability
problem. He would have the same issue whether the server was OpenLDAP, Oracle, or M$AD. It
has nothing to do with OpenLDAP, and a careful reader would have known all of this. If
you're not reading carefully, you should not be responding to the posts.
In fact, it wouldn't matter if the backend was M$AD or not. You can still use the
OpenLDAP client libraries to talk to AD. It is still, thusly, an OpenLDAP-related question,
where the user does not know where to look from here, and they personally did not know, it
was NOT the fault of OpenLDAP or pam_ldap but rather of nsswitch.
The fact of the matter is that not everyone knows everything, or they may have missed
something in research etc. It is hard to find a man page, if you don't know what you
are looking for. Google also is not perfect. This person did not know about nsswitch and
its requirement, merely believing that the key parts of this issue were either OpenLDAP or
pam_ldap. We have more experience to know this is not the case. He did not. He asked where
he thought the most experience would be - here, and rightly so as well, since we were able
to tell him "look at nsswitch, rather than OpenLDAP or pam_ldap".
This comes down far more to what he was asking about (and his limited experience), and
your perception of it, rather than "what is allowed and what is not".
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
-----END PGP SIGNATURE-----