On 2/24/22 08:37, Ulrich Windl wrote:
As the "pam_" prefix might indicate, try "man pam_ldap" instead. ... Features of the PADL pam_ldap
Note that there are two different pam_ldap modules out there:
1. The ancient unmaintained PADL modules which directly send LDAP operations and are generally *not recommended* to be used nowadays.
2. The small PAM front-end module of nss-pam-ldapd which pass PAM requests to a long-running aka nslcd over a Unix domain socket.
Basically when integrating NSS and PAM one has to choose which service to use for the integration: nss-pam-ldapd or sssd, both with their own NSS/PAM front-end modules.
Ciao, Michael.
P.S.: Yes, I have to admit I forgot in my former e-mail that passwd(1) sends password change requests via PAM. But I'd strongly recommend to not use that anyway.