> I have created a symlink from /etc/openldap/ldap.conf to
> /etc/ldap.conf... that seems to have gotten the majority of the system
> communicating with PAM/LDAP. I guess that making a .ldaprc file in the
> user's home directory and putting those directives in there would be
> about the equivalent.
Those two files do not serve the same purpose, nor use the same options. /etc/openldap/ldap.conf is for the LDAP tools, i.e. ldapsearch, ldapmodify, etc., primarily only on OpenLDAP servers (and perhaps admin workstations). /etc/ldap.conf is used by pam. Symlinking from one to the other won't help.

For reference, here are examples of my ldap.conf files from a NON-LDAP server:

# /etc/ldap.conf
uri ldaps://ldap-vip.example.net
timelimit 30
bind_timelimit 30
bind_policy hard_open
base dc=example,dc=net
scope sub
ssl on
tls_checkpeer no
tls_cacertfile /etc/openldap/cacert.pem
pam_login_attribute uid
pam_lookup_policy yes
pam_password exop
nss_base_passwd ou=people,dc=example,dc=net?one

# /etc/openldap/ldap.conf
URI ldap://ldapconsole.example.net/
BASE " dc=example,dc=net"
TLS_CACERTDIR /etc/openldap/cacerts

On the box I pulled these from, the latter file is never used - nor will it even work. If that line is a pam config directive, it belongs in /etc/ldap.conf. If you keep straight what you're working on, it will likely help.

- chris
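As an added example (not Chris's code or part of this thread), a small Python checker that parses both file styles and flags directives placed in the wrong file, plus the `tls_checkpeer no` setting from the example above, which leaves the server certificate unverified. The directive-to-file mapping is an assumption taken only from the two example files quoted here.

```python
import re
# Which file owns each directive, as an assumption taken from the two example
# files quoted in the reply above (not a complete list for either file).
PAM_LDAP_ONLY = {
    "timelimit", "bind_timelimit", "bind_policy", "scope", "ssl",
    "tls_checkpeer", "tls_cacertfile", "pam_login_attribute",
    "pam_lookup_policy", "pam_password", "nss_base_passwd",
}
OPENLDAP_CLIENT_ONLY = {"tls_cacertdir"}

def parse_ldap_conf(text):
    """Return (key, value) pairs from either file style: keys lower-cased (the
    OpenLDAP file writes them in upper case), comments skipped, quotes dropped."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        value = parts[1].strip().strip('"').strip() if len(parts) > 1 else ""
        pairs.append((parts[0].lower(), value))
    return pairs

def check_config(text, role):
    """role: 'pam' for /etc/ldap.conf, 'client' for /etc/openldap/ldap.conf.
    Reports directives that belong in the other file and weak TLS settings."""
    findings = []
    for key, value in parse_ldap_conf(text):
        if role == "pam" and key in OPENLDAP_CLIENT_ONLY:
            findings.append(f"{key}: belongs in /etc/openldap/ldap.conf")
        elif role == "client" and key in PAM_LDAP_ONLY:
            findings.append(f"{key}: pam_ldap directive, belongs in /etc/ldap.conf")
        if key == "tls_checkpeer" and value.lower() == "no":
            findings.append("tls_checkpeer no: server certificate is not verified")
    return findings

# Constructed samples: lines from the reply's two files, each with one
# directive copied into the wrong file.
PAM_SAMPLE = """# /etc/ldap.conf
uri ldaps://ldap-vip.example.net
ssl on
tls_checkpeer no
TLS_CACERTDIR /etc/openldap/cacerts
"""
CLIENT_SAMPLE = """# /etc/openldap/ldap.conf
URI ldap://ldapconsole.example.net/
BASE " dc=example,dc=net"
pam_password exop
"""
```

Run `check_config(PAM_SAMPLE, "pam")` and `check_config(CLIENT_SAMPLE, "client")` to see the misplaced directive in each file reported.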
