lists.arthurdejong.org
RSS feed

Re: Requirement for NSLCD

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Requirement for NSLCD



On Thu, Jul 18, 2013 at 03:57:04PM -0400, Liam Hopkins wrote:
> On 07/18/13 at 03:38pm, Sotomayor, Vicente (ITD) wrote:
> > On Thu, Jul 18, 2013 at 03:11:07PM -0400, William Hopkins wrote:
> > >
> > > Hello,
> > >
> > > I am attempting to configure LDAP auth on a RHEL/CentOS6 environment 
> > > without
> > > running nslcd; the support I have received from redhat user forums thus 
> > > far
> > > indicates that they no longer support this. I see the fact that 
> > > nss-pam-ldapd
> > > can be built without nslcd and the following quote:
> > >
> > >  > The three parts (NSS module, PAM module, and nslcd server) can be build
> > >  > separately and are not tied together. This means that for instance you 
> > > can
> > >  > still use pam_ldap and use the NSS module from nss-pam-ldapd.
> > >
> > > However, the details of the architecture as I understand this would make 
> > > such a
> > > setup not work. It may be worth noting I have a completely working LDAP
> > > solution that works on my RHEL5/CentOS5 boxes, with TLS and pam_ldap.
> > >
> > > Thanks in advance for your assistance
> > 
> > nslcd is currently supported in RH 6.
> 
> Thanks. I don't want to run NSLCD. Thus "without running nslcd".

Yes, but *why* ?

pam_ldap doesn't stricly require the nscd to be running.

That said, once the user authenticates, the system should be able to
resolve his UID and GID into meaningful names or vice versa..and that's
where NSS comes to play. You can use PADL's nss_ldap if there is some
problem with running nslcd, but what is the reason?
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/