Hi, we are using the "historical" configuration but we do not use the CLI/UI tools to make the changes. Our installation and configuration automated process uses ldapmodify with .ldif to configure all the necessary plugins and parameters.
Our config : cn=PAM Pass Through Auth,cn=plugins,cn=config ... nsslapd-pluginEnabled: on nsslapd-pluginloadglobal: true nsslapd-plugin-depends-on-type: database pamMissingSuffix: ALLOW pamExcludeSuffix: cn=config pamIDMapMethod: ENTRY pamIDAttr: uid pamFallback: TRUE pamSecure: TRUE pamService: ldapserver But it's absolutely not a problem if you change it to "child entry only" configuration placement, we will just need to change several lines of installation scripts. Thanks for the heads up! ----- Mail original ----- > De: "General discussion list for the 389 Directory server, project." > <389-users@lists.fedoraproject.org> > À: "General discussion list for the 389 Directory server, project." > <389-users@lists.fedoraproject.org> > Cc: "Mark Reynolds" <marey...@redhat.com> > Envoyé: Mardi 20 Mai 2025 20:09:51 > Objet: [389-users] How are you using the PAM PTA plugin? Survey > Hi Everyone, > > We are curious how everyone is using the PAM PTA plugin. There are > basically two ways to configure the plugin, and they somewhat conflict > with one another. Previous to 2012 you could only configure the plugin > through the main plugin entry under cn=config: > > cn=PAM Pass Through Auth,cn=plugins,cn=config > > But after 2012 we added "config" child entries under the main plugin entry: > > cn=config, cn=PAM Pass Through Auth,cn=plugins,cn=config > > For backwards compatibility we still allowed users to use the main > plugin entry although the child entry approach is what we wanted to use > moving forward. So we've had this dual configuration approach and the > CLI/UI weren't handling both correctly. Anyway we'd like to make this > consistent and only allow the child entry config, but we'd like to know > how everyone is using the PAM PTA plugin. Are you using the main config > entry, or are you using the child entry approach? > > Thanks in advance for sharing your input! > > -- > Identity Management Development Team > > -- > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
