RSS feed

Re: Help the newbie please

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Help the newbie please

Kean Johnston wrote:
>> You either need to use nssov or pam_ldap+nss_ldap, not both.  The
>> nssov overlay supplants both.
> That cannot possibly work. 

I can assure you it does, but I was perhaps a bit broad and short in my 
explanation.  You do not need the entirety of
pam_ldap and nss_ldap; rather, just the slimmed-down stub provided to replace 
nss_ldap by nss-pam-ldap.  With nssov and
that stub, they talk directly to LDAP via IPC sockets, to avoid the overhead of 
traditional pam_ldap/nss_ldap
installations, where those modules acted as the TCP/IP supported glue between 
those two and LDAP.

Perhaps I dont need pam_ldap but I certainly
> need nss_ldap, otherwise NSS has no way of knowing what it means when I
> put in "ldap" in nsswitch.conf. nssov then replaces the nslcd daemon
> that nss_ldap talks to. To quote the nssov README:
>    To use this code, you will need the client-side stub library from
>    nss-ldapd (which resides in nss-ldapd/nss). You will not need the
>    nslcd daemon; this overlay replaces that part.
> I believe the same hold true for PAM, but I can at least try not using
> pam_ldap and see how far that gets me, but I am pretty sure from my
> reading of teh code and the various docs that it is still required. For
> the exact same reason. When PAM makes various requests it communicated
> over a UNIX-domain socket. All I have done is replace nslcd with nssov.
> Or am I way off base?
> Kean

Ryan Steele                          
Systems Administrator                          +1 215-825-2196 x758
AWeber Communications                
To unsubscribe send an email to or see