On Thu, Nov 11, 2004 at 12:11:22PM -0800, Jed Donnelley wrote:
> I thought I'd take this opportunity to clarify my understanding of the model
> used by some of this LDAP software.
>
> My understanding is that the distinction between the above two mentioned
> ldap.conf files is that:
>
> /etc/openldap/ldap.conf is the configuration for the openldap *server*

The /etc/openldap/ldap.conf file contains default settings used by libldap, and by extension all applications which use libldap, such as ldapsearch. Most applications provide some way of letting you specify these settings directly, so you can frequently get away with not modifying this file.

> and
>
> /etc/ldap.conf is the configuration for ldap *client* access, including
> PAM and the NSS libraries.

The /etc/ldap.conf file is used exclusively by nss_ldap and pam_ldap (in addition to /etc/openldap/ldap.conf, because both of them link with libldap). An unfortunate choice of filename, I think, but at this point I think attempting to change it would just confuse things further.

A consequence of this mix is that many settings you would set in /etc/openldap/ldap.conf can be set (or overridden) for nss_ldap and pam_ldap in /etc/ldap.conf.

HTH,

Nalin