On Fri, 11 Nov 2011, Ondrej Hamada wrote: > >>I think we should check for nslcd.conf as well and report that > >>neither nss-ldap nor nss-pam-ldapd are installed. > >We have already code in configure_ldap_config() and > >configure_nslcd_conf that checks all these different files and after > >configuration reports what was configured. > > > >I would rather did a commonalization of detection instead of > >duplicating the code. We can re-use result of detecting what exists > >later in configure_{ldap,nslcd}_config(). > > > I'll do it, but I have question: > configure_ldap_config() also checks whether file 'pam_ldap.conf' > exists. Is installed pam_ldap package without nss_ldap enough to > allow ipa-client installation with --no-sssd option? If you have kerberos setup, then authentication could be done via kerberos and NSS module would give you users and groups with nss_ldap. So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5 + nss_ldap is also possible to use, without pam_ldap.
-- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel