[Mageia-dev] nss-ldap missing ?

JA Magallón jamagallon at ono.com
Wed Feb 20 01:17:09 CET 2013


On 02/20/2013 12:21 AM, David Walser wrote:
> David Walser <luigiwalser at ...> writes:
>> Thierry Vignaud <thierry.vignaud at ...> writes:
>>> good luck with nslcd (if you use TLS you'll have to tell SELinux about it),
>>
>> Even if you don't use SELinux?
>>
>>> I advise you sssd, it just works directly, one single config file to write for
>>> both PAM & NSS...
>>
>> Is that not the case for nss-pam-ldapd?  I haven't investigated them yet.
>>
>> I did find out that there's some security bugs in sssd though (fixed upstream):
>> https://bugs.mageia.org/show_bug.cgi?id=9027
>
> Incidentally there's a security bug in nss-pam-ldapd too:
> https://bugs.mageia.org/show_bug.cgi?id=9113
>
> I'm not sure which of the three patches (two linked by upstream advisory, one
> used by Debian in their update) is the right one to fix it.
>

I think it is simpler to move to nss-pam-ldapd, especially if you want the
minimal changes to drax* tool that sets up LDAP authentication (if there
is any, I always did it by hand...):
- same changes needed in nsswitch.conf, insert (or keep) the 'ldap' entry
- syntax of nslcd.conf is similar to ldap.conf
- just need to enable the service in systemd

-- 
J.A. Magallon <jamagallon()ono!com>        \               Winter is coming...

