Hello, I came across a previous query some what related to this topic: http://opensuse.14.x6.nabble.com/11-1-What-is-the-relationship-between-nscd-... It would be helpful if someone can provide other details requested by me. Thanks in advance, Best Regards, Krishna On 8/15/13, Krishna Prasad <kpabotla@gmail.com> wrote:
Hello,
I am new to this group & subject. I have some query on pam_ldap, nss_ldap
I downloaded the latest openpam-20120526, openldap-2.4.35, pam_ldap-186, nss_ldap-265 (from PADL.com) I want to enable PAM with authentication from remote LDAP server. I am not clear of minimum package requirement, full flow, configurations and whether some deamon is involved.
From README of pam_ldap-186:
Here are some possible deployment scenarios:
o pam_ldap with account information in /etc flat files, kept manually in sync with LDAP
o pam_ldap with account information in LDAP, using nss_ldap
o pam_ldap with account information in NIS, using ypldapd
It looks like PAM is coupled with NSS. For “pam_ldap” to work with LDAP, nss_ldap is needed. On Ubuntu synaptic also, I found that both pam_ldap, nss_ldap packages have to be installed or removed together. I browsed the source code of pam_ldap and it was directly using openldap APIs. Did not find pam_ldap directly using nss_ldap APIs. I want PAM LDAP functionality, without NSS, unless nss_ldap is mandated by pam_ldap.
Is pam_ldap using nss_ldap at runtime? Is some deamon like nslcd or nscd created by nss_ldap to serve NSS LDAP requests? Is the deamon needed? Can the PAM LDAP functionality work without nss_ldap or deamon nslcd? Also which package or deamon reads nsswitch.conf? Opennss? How is the flow from pam_ldap to nss_ldap? Is the below flow correct? openpam -> pam.d -> pam_ldap -> nss_ldap -> nslcd -> nsswitch.conf -> openldap -> ldap.conf
Can we remove nss_ldap or kill nslcd and make pam_ldap work with openldap?
Please let me know if some information is not clear.
Thank you very much in advance, Krishna
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org