Having libpam-ldap and libnss-ldap use ldap.conf at all is particularly problematic. ldap.conf is primarily the configuration file for the openldap client utilities developed and maintained by the openldap.org project. libnss-ldap and libpam-ldap are developed by PADL software. They just happen to look at the same file for their config directives (in addition to their own unique files). According to the pam_ldap(5) manpage:
"pam_ldap stores its configuration in the ldap.conf file. (It should be noted that some LDAP client libraries, such as OpenLDAP, also use a configuration file of the same name. pam_ldap supports many of the same configuration file options as OpenLDAP, but it adds several that are specific to the functionality it provides. **It is not guaranteed that pam_ldap will continue to match the configuration file semantics of OpenLDAP**. You may wish to use different files.)"

Having non-openldap related directives in ldap.conf is the subject of much confusion.

--
libnss-ldap and libpam-ldap should use the same configuration file
https://launchpad.net/bugs/17744

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs