
Re: question about the libpam-ldap debian package.



Anthony wrote:
(I use a cron "nss_updatedb ldap" every 10 minutes (maybe it could be more!!!) )
Interesting idea, was wondering how to solve this problem myself.

- nsswitch.conf:
passwd:         files db
shadow:         files db
group:          files db
Documentation I have seen recommended:

passwd:    files ldap [NOTFOUND=return] db
group:    files ldap [NOTFOUND=return] db

However, when I tried this the computer hung on boot, so I took
that LDAP stuff out.

I don't think the shadow part is required; at least it wasn't required on my system. I believe programs call the account PAM service, which (presumably) will first try pam_unix, which tries finding the shadow information in nss. If this fails, pam will then try pam_ldap, which works. I am a bit puzzled why this seemed to work on my system when the network was disconnected though...
Did you consider the nss-ldapd module?  It has a local LDAP proxy
(nslcd) doing the connections to the LDAP server, so it would have it
easier to keep track of the connection status.
I tried that on a late prerelease of Ubuntu hardy; installing nss-ldapd seemed to break nss_updatedb, as it moved /lib/libnss_ldap.so.2 to
/usr/lib/libnss_ldap.so.2

Possibly all I needed was a symlink, however I was in a hurry and didn't try that.



My main concern is that I want to be able to reproduce the same setup on multiple computers (possibly with different Linux distributions)... It's kind of tedious to do this manually. Is it possible to automate this without losing my sanity in the process?

Brian May
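
The lookup order implied by the two nsswitch.conf variants quoted in this thread, as an added example that is not part of the original message: a small Python model of glibc's documented nsswitch action rules (by default only SUCCESS ends a lookup). The per-service statuses are constructed inputs, and the model handles only the `return` and `continue` actions.

```python
import re

# glibc defaults: only SUCCESS ends the lookup; every other status continues.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """Parse one nsswitch.conf line into (database, [(service, actions), ...])."""
    database, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for item in token[1:-1].split():
            negate = item.startswith("!")
            status, _, action = item.lstrip("!").partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("unsupported action item: " + item)
            for s in DEFAULTS:
                if (s != status) == negate:   # "!X=..." applies to all but X
                    chain[-1][1][s] = action
    return database.strip(), chain

def resolve(chain, statuses):
    """Walk the chain; return (service, status) where the lookup ends."""
    result = (None, "NOTFOUND")
    for service, actions in chain:
        status = statuses.get(service, "UNAVAIL")
        result = (service, status)
        if actions[status] == "return":
            break
    return result

# Constructed scenarios for an account that nss_updatedb has cached in "db".
RECOMMENDED = parse_line("passwd:    files ldap [NOTFOUND=return] db")[1]
CACHE_ONLY = parse_line("passwd:         files db")[1]
OFFLINE = {"files": "NOTFOUND", "ldap": "UNAVAIL", "db": "SUCCESS"}
DELETED = {"files": "NOTFOUND", "ldap": "NOTFOUND", "db": "SUCCESS"}  # stale cache

if __name__ == "__main__":
    print("recommended, offline:", resolve(RECOMMENDED, OFFLINE))
    print("recommended, deleted:", resolve(RECOMMENDED, DELETED))
    print("cache only,  deleted:", resolve(CACHE_ONLY, DELETED))
```

With the cache-only line, an account removed from LDAP keeps resolving from the stale db entry until the cache is refreshed, whereas the `[NOTFOUND=return]` line stops at the LDAP answer whenever the server is reachable.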

