On Thu, Jun 23, 2011 at 01:00:55PM +0100, Dermot wrote: > Found it. > > It turns out that the config file for libnss-ldap is > /etc/libnss-ldap.conf on my distro (Debian). So NSS was ignoring the > config that I had been in /etc/ldap/ldap.conf and taking it from > /etc/libnss-ldap.conf.
As far as I'm aware, most of the distributions use a separate configuration file for libnss-ldap, allowing /etc/ldap/ldap.conf to be used for the generic configuration of user ldap searches (as it is intended) and not have those constrained by the very specific needs of nsswitch. This separation is more than just a convenience. At my workplace, I have an LDAP directory as the backing for nsswitch and as the passdb/idmap backend for Samba. Samba's ldap searches are affected by anything that goes into /etc/ldap/ldap.conf, which would cause problems if the nsswitch-specific settings had to be stored there. -- Bruce Vajazzle - giving new meaning to the phrase "I'll scratch your eyes out". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
