Re: NSS-LDAP group preventing proper boot

To: debian-user@lists.debian.org
Subject: Re: NSS-LDAP group preventing proper boot
From: Sven Hartge <sven@svenhartge.de>
Date: Mon, 30 Sep 2019 15:05:33 +0200
Message-id: <[🔎] 1fnvjaf2hbp4v8@mids.svenhartge.de>
References: <[🔎] CAA-aU_VXkvZDkBz5Hep8uGmMEYbfubftcuYgHubcNc7vr4h-jQ@mail.gmail.com> <[🔎] 8d3a82b8-cab7-c6d2-1b13-dab98b57468f@rsh2.donotuse.de> <[🔎] CAA-aU_Xm-oii+priXXq5PnwsGgpFBgQqwg33Kcp3Ho4-WOFJ7g@mail.gmail.com>

Marc Franquesa <marc.franquesa@gmail.com> wrote:

> Thanks for the feedback, I might give it a try to sssd (I was already
> planning to take a look).

> I seen many docs recommending to move to nss/pam-ldapd however (also for
> sssd) this requires installing many other packages and run multiple daemons
> while I could achieve the same with simply a dynamic loaded library as
> libnss-ldap.

nss-ldapd and pam-ldapd only require the nslcd daemon and not "multiple
daemons".

Also the design of nss-ldapd and pam-ldapd is vastly superior over the
older nss-ldap and pam-ldap approach, as you don't need to load the
whole libldap-machine into each and every program but just the thin
libnss-ldapd library, which acts as an interface to nslcd, which does
the heavy lifting.

Added bonus: your libldap configuration does not need to be
user-readable, which is critical in case you need to use any special
admin-DN to access the LDAP server.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Reply to:

References:
- NSS-LDAP group preventing proper boot
  - From: Marc Franquesa <marc.franquesa@gmail.com>
- Re: NSS-LDAP group preventing proper boot
  - From: Alex Mestiashvili <amestia@rsh2.donotuse.de>
- Re: NSS-LDAP group preventing proper boot
  - From: Marc Franquesa <marc.franquesa@gmail.com>

Prev by Date: Re: apache only servers text page
Next by Date: Re: ext4: debugfs: icheck: Input/output error while calling ext2fs_block_iterate
Previous by thread: Re: NSS-LDAP group preventing proper boot
Next by thread: audio recorder
Index(es):
- Date
- Thread