Hello,
I have a few ldap clients which were set up by my previous sys-admin.
1. In some of the servers I see that the configuration is done in /etc/pam_ldap.conf, /etc/nslcd.conf and there is an nslcd process running on the clients.
2. On other servers I find that there is only an /etc/ldap.conf and there is no nslcd process running.
The configuration values in both the approaches are the same.
Are there two different ways to set up an ldap client? I would like to understand both these approaches. In the second approach is there some other process which does the ldap lookup?
Can someone share links to docs related to both the installation steps?
Thanks
On 26.11.2013 16:27, slacker lnx wrote:
> Hello,
> I have a few ldap clients which were set up by my previous sys-admin.
> - In some of the servers I see that the configuration is done in /etc/pam_ldap.conf, /etc/nslcd.conf and there is an nslcd process running on the clients.
> - On other servers I find that there is only an /etc/ldap.conf and there is no nslcd process running.
> The configuration values in both the approaches are the same.
> Are there two different ways to set up an ldap client? I would like to understand both these approaches. In the second approach is there some other process which does the ldap lookup?
> Can someone share links to docs related to both the installation steps?
> Thanks

Hi,
in the cases with /etc/pam_ldap.conf, /etc/libnss_ldap.conf, /etc/ldap.conf and the like, with no daemon running, the system is very likely using PADL's nss_ldap [1] and pam_ldap [2] libs. In case of /etc/nslcd.conf and a running daemon, it's using nss-pam-ldapd [3] which, as you'll read on the website, started out as a fork of nss_ldap.
In your first case, they probably switched from pam_/nss_ldap to nslcd and didn't clean up the old config. Possibly because pam_/nss_ldap caused problems [4].
Another option would be sssd [5]. Dunno if there are more for Linux.
Regards,
Christian Manal

[1] http://www.padl.com/OSS/nss_ldap.html
[2] http://www.padl.com/OSS/pam_ldap.html
[3] http://arthurdejong.org/nss-pam-ldapd/
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579647
[5] https://fedorahosted.org/sssd/

Christian Manal wrote:
> On 26.11.2013 16:27, slacker lnx wrote:
>> Hello,
>> I have a few ldap clients which were set up by my previous sys-admin.
>> - In some of the servers I see that the configuration is done in /etc/pam_ldap.conf, /etc/nslcd.conf and there is an nslcd process running on the clients.
>> - On other servers I find that there is only an /etc/ldap.conf and there is no nslcd process running.
>> The configuration values in both the approaches are the same.
>> Are there two different ways to set up an ldap client? I would like to understand both these approaches. In the second approach is there some other process which does the ldap lookup?
>> Can someone share links to docs related to both the installation steps?
>> Thanks
>
> Hi,
> in the cases with /etc/pam_ldap.conf, /etc/libnss_ldap.conf, /etc/ldap.conf and the like, with no daemon running, the system is very likely using PADL's nss_ldap [1] and pam_ldap [2] libs. In case of /etc/nslcd.conf and a running daemon, it's using nss-pam-ldapd [3] which, as you'll read on the website, started out as a fork of nss_ldap.
> In your first case, they probably switched from pam_/nss_ldap to nslcd and didn't clean up the old config. Possibly because pam_/nss_ldap caused problems [4].
> Another option would be sssd [5]. Dunno if there are more for Linux.

You've forgotten OpenLDAP nssov, which is where the PAM in nss-pam-ldapd came from.

> Regards,
> Christian Manal
>
> [1] http://www.padl.com/OSS/nss_ldap.html
> [2] http://www.padl.com/OSS/pam_ldap.html
> [3] http://arthurdejong.org/nss-pam-ldapd/
> [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579647
> [5] https://fedorahosted.org/sssd/

openldap-technical@openldap.org
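
The file-based distinction discussed in this thread, as an added example that is not part of any poster's message: it classifies a host as sssd, nss-pam-ldapd or nss_ldap from nsswitch.conf and /etc/nslcd.conf, and lists PADL-style config files still sitting beside an nslcd setup. The function names, output labels and the `ldap` / `sss` nsswitch source names it checks are this example's assumptions; it reads files only and does not look for a running nslcd process.

```sh
#!/bin/sh
# Added example: classify a host's LDAP client stack from files under ROOT.
# ROOT defaults to the live system; pass a directory to inspect a mounted
# image or a test tree. Names and output labels are this example's own.

# NSS sources configured for the passwd database, space-separated,
# with trailing comments removed.
nss_passwd_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*passwd:[[:space:]]*//p' \
        "$1/etc/nsswitch.conf" 2>/dev/null | tr -s '[:space:]' ' '
}

# Prints one of: sssd, nss-pam-ldapd, nss_ldap, none.
ldap_client_stack() {
    root=${1:-}
    sources=" $(nss_passwd_sources "$root") "
    case $sources in
        *" sss "*) echo sssd; return 0 ;;
        *" ldap "*) ;;                 # decided below
        *) echo none; return 0 ;;
    esac
    # nss_ldap and nss-pam-ldapd both appear as "ldap" in nsswitch.conf,
    # so the presence of nslcd.conf is what separates them here.
    if [ -f "$root/etc/nslcd.conf" ]; then
        echo nss-pam-ldapd
    else
        echo nss_ldap
    fi
}

# PADL-style config files present next to an nslcd setup. These are
# candidates for review, not proof of staleness: a PADL pam_ldap that is
# still installed may legitimately read /etc/pam_ldap.conf.
padl_leftovers() {
    root=${1:-}
    [ "$(ldap_client_stack "$root")" = nss-pam-ldapd ] || return 0
    for f in /etc/ldap.conf /etc/libnss_ldap.conf /etc/pam_ldap.conf; do
        [ -f "$root$f" ] && echo "$f"
    done
    return 0
}

# When run as a script with a ROOT argument, report on that tree.
if [ -n "${1:-}" ]; then
    echo "stack: $(ldap_client_stack "$1")"
    padl_leftovers "$1"
fi
```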