Hmm, I could swear the dependancy on ldap-auth-config wasn't there
yesterday. So upgraders are ok, but documentation is still wrong -
README.Debian in libnss-ldap and libpam-ldap still mentions the old way.
--
libnss-ldap and libpam-ldap should use the same configuration file
https://bugs.launchp
ldap-auth-config pops up a great big warning, and asks if you want to
reconfigure or migrate by hand, if it detects either of the old config
files. There are no dependency issues as far as I know. We need
specifics if we are to fix and documentation.
** Changed in: libnss-ldap (Ubuntu)
St
Quanah: you can specify an alternate configuration file in
/etc/pam.d/common-* by adding a config= argument to the
pam_ldap.so entry, such as
authsufficientpam_ldap.so config=/etc/pam_ldap.conf
This would let you have two separate configurations: /etc/ldap.conf for NSS,
and /etc/pam
Additionally, the docs haven't been updated or dependencies, so people
upgrading from previous versions will end up with a broken
configuration. You're still shipping libnss-ldap.conf, referring to
libnss-ldap.conf in the README.Debian etc.
This comes from a user in #ldap who was trying to work ou
What if one wants to make it so that pam_ldap and nss_ldap bind with
different users, for auditing reasons? By combining these two config
files, if someone is using simple binds, this is no longer possible.
--
libnss-ldap and libpam-ldap should use the same configuration file
https://bugs.launch
This is fixed in Gutsy. The new package ldap-auth-config provides and
configures /etc/ldap.conf.
** Changed in: libnss-ldap (Ubuntu)
Assignee: (unassigned) => Rick Clark
Status: New => Fix Committed
Target: None => tribe-5
--
libnss-ldap and libpam-ldap should use the same co
I guess openldap's clients use /etc/ldap/ldap.conf, and not
/etc/*ldap.conf:
$ strace ldapsearch -x 2>&1 | grep ldap.conf
open("/etc/ldap/ldap.conf", O_RDONLY|O_LARGEFILE) = 3
/etc/ldap/ldap.conf and /etc/libnss-ldap.conf (or pam_ldap.conf) have
some slightly different entries, and should not be
Well, libnss-ldap and libpam-ldap can both be compiled with specific
configuration files (--with-ldap-conf-file).
Would it work to create a metapackage like ldap-config (much like
krb5-config) that controls the configuration /etc/ldap-client.conf or
something like that. Then lib{pam,nss}-ldap cou
I believe both of these libraries are already pointed at two
simultaneous files.
If I am not mistaken pam_ldap reads from both ldap.conf and
pam_ldap.conf, and nss_ldap reads from ldap.conf and libnss-ldap.conf.
That is my experience.
--
libnss-ldap and libpam-ldap should use the same configurat
I agree with Zach's assessment of this.
However, I believe that, since pam_ldap and nss_ldap do in fact use the
OpenLDAP client libraries, they should pull config information from
ldap.conf. They should ALSO pull their own config info from their
respective files.
This probably would require code
Having libpam-ldap and libnss-ldap use ldap.conf at all is particularly
problematic. ldap.conf it primarily the configuration file for the
openldap client utilities developed and maintained by the openldap.org
project. libnss-ldap and libpam-ldap are developed by PADL software.
They just happen t
The first problem that comes to mind is that of maintainer scripts. If
pam_* and nss_* keys are in the same file, how do you push updates to
libpam-ldap that don't break libnss-ldap? You can no longer rely on the
automatic merge tools, but now have to manually add/remove/modify keys
by name, and bu
12 matches
Mail list logo
