
Re: nslcd issues and questions




On Fri, Aug 19, 2011 at 12:00:52AM +0000, Colby Funnell wrote:
>    Firstly, it is not clear to me the relationship between pam_ldap.conf
>    and nslcd.conf. They seem to duplicate configuration but can also work
>    together in that some configuration can be in both, but some must be in
>    either. My assumption is that on CentOS, being that pam_ldap is a
>    requirement for nss-pam-ldapd, the pam_ldap.so is still provided by
>    pam_ldap. A quick rpm -ql proves this. I would like to know in what way
>    are they exclusive of one another. What exactly is nslcd reading from
>    each conf and in what order of precedence. Is pam_ldap able to make
>    LDAP connections separately from nslcd and when would it do this? If I
>    set my nss mappings in one, does it override the other? I'm no wiz at C
>    code so I thought I'd ask for the flow here before doing my head in
>    trying to read pam_ldap.so.

The two are very much exclusive (the version of nss-pam-ldapd in 6 was
too early to use nss-pam-ldapd's own PAM module) -- the nslcd daemon
doesn't touch /etc/pam_ldap.conf, and pam_ldap doesn't touch
/etc/nslcd.conf.

The distro's configuration tooling writes applicable settings to both
files, because both need to be working correctly in order for your users to
be able to log in.

Name resolution all goes through nslcd, and password checking and
changing is done with pam_ldap, which because it's a version that's
unaware of nslcd, establishes its own connections to the directory
server when it needs to do anything.

HTH,

Nalin
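
Because the two files are read independently, connection settings can drift apart, leaving lookups and password checks on different transports. The following is an added example, not part of the original message or of nss-pam-ldapd: a small check that compares the connection keywords the two files have in common. The keyword selection, function names and both sample configurations are assumptions constructed for illustration.

```python
# Keywords that /etc/nslcd.conf and /etc/pam_ldap.conf both use for the
# connection to the directory server (selection is this example's choice).
SHARED_KEYS = ("uri", "base", "binddn", "ssl", "tls_cacertfile")

def parse_conf(text):
    """Parse 'keyword value' lines into {keyword: [values]}, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def normalise(key, values, is_nslcd):
    if key == "uri":
        # Several URIs may share one line or be spread over several lines.
        return {u for v in values for u in v.split()}
    if key == "base" and is_nslcd:
        # nslcd.conf also accepts "base MAP DN"; keep only the global base,
        # recognised by its first token being a DN component (contains "=").
        values = [v for v in values if v and "=" in v.split()[0]]
    return set(values)

def find_drift(nslcd_text, pam_text):
    """Return {keyword: (nslcd_values, pam_ldap_values)} for settings that differ."""
    nslcd, pam = parse_conf(nslcd_text), parse_conf(pam_text)
    drift = {}
    for key in SHARED_KEYS:
        a = normalise(key, nslcd.get(key, []), True)
        b = normalise(key, pam.get(key, []), False)
        if a != b:
            drift[key] = (sorted(a), sorted(b))
    return drift

# Constructed samples: lookups use LDAPS, password checks use plain LDAP.
NSLCD_SAMPLE = """uri ldaps://ldap1.example.com/
uri ldaps://ldap2.example.com/
base dc=example,dc=com
base passwd ou=People,dc=example,dc=com
ssl on
tls_cacertfile /etc/pki/tls/certs/ca.pem
"""
PAM_SAMPLE = """uri ldap://ldap1.example.com/
base dc=example,dc=com
tls_cacertfile /etc/pki/tls/certs/ca.pem
"""

if __name__ == "__main__":
    for key, (n, p) in find_drift(NSLCD_SAMPLE, PAM_SAMPLE).items():
        print(f"{key}: nslcd.conf={n} pam_ldap.conf={p}")
```
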