On Fri, 11 Nov 2011, Ondrej Hamada wrote:
> >>I think we should check for nslcd.conf as well and report that
> >>neither nss-ldap nor nss-pam-ldapd are installed.
> >We have already code in configure_ldap_config() and
> >configure_nslcd_conf that checks all these different files and after
> >configuration reports what was configured.
> >
> >I would rather did a commonalization of detection instead of
> >duplicating the code. We can re-use result of detecting what exists
> >later in configure_{ldap,nslcd}_config().
> >
> I'll do it, but I have question:
> configure_ldap_config() also checks whether file 'pam_ldap.conf'
> exists. Is installed pam_ldap package without nss_ldap enough to
> allow ipa-client installation with --no-sssd option?
If you have kerberos setup, then authentication could be done via 
kerberos and NSS module would give you users and groups with nss_ldap. 
So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5 
+ nss_ldap is also possible to use, without pam_ldap.

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to