David Parker <dpar...@utica.edu> wrote:
> Well, crap. It turns out this isn't a problem. PAM is configured for
> LDAP authentication and so it opens a connection each time I log in,
> owned by my sshd process, even though it's not using LDAP
> authentication for root. And the other LDAP queries I'm seeing are
> being sent when users authenticate via sendmail. Case closed!
This is why you use libpam-ldapd (instead of libpam-ldap) in combination
with libnss-ldapd (instead of libnss-ldap).
Its design with a separate daemon (nslcd) doing the actual LDAP
connection is far superior compared to the original lib*-ldap code.
It also means that libldap itself is only mapped into the central
server process and not into every process on the system.
Sigmentation fault. Core dumped.