lists.arthurdejong.org

Re: Help the newbie please

Kean Johnston wrote:
>> You either need to use nssov or pam_ldap+nss_ldap, not both.  The
>> nssov overlay supplants both.
> That cannot possibly work. 


I can assure you it does, but I was perhaps a bit broad and short in my
explanation.  You do not need the entirety of pam_ldap and nss_ldap;
rather, just the slimmed-down stub provided to replace nss_ldap by
nss-pam-ldap.  With nssov and that stub, they talk directly to LDAP via
IPC sockets, to avoid the overhead of traditional pam_ldap/nss_ldap
installations, where those modules acted as the TCP/IP supported glue
between those two and LDAP.


> Perhaps I don't need pam_ldap but I certainly
> need nss_ldap, otherwise NSS has no way of knowing what it means when I
> put in "ldap" in nsswitch.conf. nssov then replaces the nslcd daemon
> that nss_ldap talks to. To quote the nssov README:
> 
>    To use this code, you will need the client-side stub library from
>    nss-ldapd (which resides in nss-ldapd/nss). You will not need the
>    nslcd daemon; this overlay replaces that part.
> 
> I believe the same holds true for PAM, but I can at least try not using
> pam_ldap and see how far that gets me, but I am pretty sure from my
> reading of the code and the various docs that it is still required. For
> the exact same reason. When PAM makes various requests it communicates
> over a UNIX-domain socket. All I have done is replace nslcd with nssov.
> 
> Or am I way off base?
> 
> Kean
> 

-- 
Ryan Steele                                    ryans@aweber.com
Systems Administrator                          +1 215-825-2196 x758
AWeber Communications                          http://www.aweber.com