On Sun, Jan 2, 2011 at 13:08:48 +0100, Arthur de Jong wrote: > +<section id="ldap"> > + <title><acronym>LDAP</acronym> support</title> > + <indexterm><primary>LDAP</primary></indexterm> > + <para> > + With this release Debian comes with several options for implementing > + client-side authentication using LDAP. > + Users of the <systemitem role="package">libnss-ldap</systemitem> and > + <systemitem role="package">libpam-ldap</systemitem> packages are > + recommended to consider upgrading to should consider? > + <systemitem role="package">libnss-ldapd</systemitem> and > + <systemitem role="package">libpam-ldapd</systemitem>. > + </para> > + <para> > + These newer packages delegate the <acronym>LDAP</acronym> queries to a central unprivileged > + daemon (<command>nslcd</command>) that provides separation between the process using the <acronym>LDAP</acronym> > + information and the daemon performing <acronym>LDAP</acronym> queries. This simplifies > + handling of secured <acronym>LDAP</acronym> connections, > + <acronym>LDAP</acronym> authentication credentials, provides a simpler > + mechanism to perform connection fail-over and debugging and avoids doubled space > + loading <acronym>LDAP</acronym> and related libraries into most > + applications. > + </para> > + <para> > + Upgrading to <systemitem role="package">libnss-ldapd</systemitem> and > + <systemitem role="package">libpam-ldapd</systemitem> should be easy > + as existing configuration information will be re-used mostly. will be mostly reused? > + Only for advanced configuration should any manual reconfiguration be > + necessary. > + </para> > + <para> > + These packages however currently lack support for nested groups and only > + support password change using the <acronym>LDAP</acronym> password modify > + EXOP operation. > + </para> > +</section> > + Cheers, Julien
Attachment:
signature.asc
Description: Digital signature