[nssldap] Difference between NSS-LDAP and PAM_LDAP
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] Difference between NSS-LDAP and PAM_LDAP
- From: "Sven.Bettscheider" <Sven.Bettscheider [at] gmx.de>
- To: nssldap [at] padl.com
- Subject: [nssldap] Difference between NSS-LDAP and PAM_LDAP
- Date: Mon, 17 Aug 2009 03:12:04 -0700 (PDT)
The Goal of my work will be, that different Services could be authenticate
successful trough PAM over different Ldap Server.
Example:
squid Service: /etc/pam.d/squid
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so config=/etc/pam_server1_ldap.conf
use_first_pass
auth sufficient pam_ldap.so config=/etc/pam_server2_ldap.conf
use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
config=/etc/pam_server1_ldap.conf
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
config=/etc/pam_server2_ldap.conf
account required pam_permit.so
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_ldap.so config=/etc/pam_server1_ldap.conf
use_authtok
password sufficient pam_ldap.so config=/etc/pam_server2_ldap.conf
use_authtok
password required pam_deny.so
session optional pam_ldap.so config=/etc/pam_server1_ldap.conf
session optional pam_ldap.so config=/etc/pam_server2_ldap.conf
The Proplem at the moment is, that i can define different Config Files for
PAM_LDAP. But the NSS-LDAP module reads only the /etc/ldap.conf. If is
possible to define different Config Files for NSS_LDAP.
If it possible to declare two different Server for PAM_LDAP?
Man Page for pam_ldap says:
config=<path>
Specifies that pam_ldap should use the configuration file in
path instead of ldap.conf to retrieve its global configuration.
Configuring multiple instances of pam_ldap for the same service with
different configuration files is not supported, because the configuration
information is cached.
Why i need the NSS-LDAP Module for authenticate?
- [nssldap] Difference between NSS-LDAP and PAM_LDAP,
Sven.Bettscheider