Univention Bugzilla – Bug 48017
Replace pam_ldap, nss_ldap and nscd by nss-pam-ldapd and slapo-nssov
Last modified: 2021-05-03 21:51:06 CEST
https://arthurdejong.org/nss-pam-ldapd/ https://github.com/openldap/openldap/blob/master/contrib/slapd-modules/nssov/slapo-nssov.5 ( https://manned.org/slapo-nssov )
Could you describe the benefit in one sentence?
Currently /etc/libnss-ldap.conf (and libnss-ldap.secret) must contain bind credentials (machine password) for nss_ldap to work. As far as I understand the documentation of nssov, this would not be necessary any longer because binds happen with user credentials. The drawback would be: It only works against a locally running slapd (so you cannot use it on a member server unless you run a slapd with slapd-ldap config and maybe slapo-pcache there, which could maybe be an alternative to running nscd).
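
An audit check for the stored-credential concern raised in this bug, added here as an example and not part of the original comments or of any Univention tooling. It assumes the nss_ldap directives `binddn`, `bindpw` and `rootbinddn`; the function names and the sample file content are constructed for illustration.

```python
import stat

# nss_ldap directives that make the host bind with stored credentials.
CRED_DIRECTIVES = {"binddn", "bindpw", "rootbinddn"}

# Constructed sample in the style of /etc/libnss-ldap.conf (placeholder values).
SAMPLE_CONF = """\
# constructed example, not taken from a real host
uri ldap://ldap.example.test:7389
base dc=example,dc=test
ldap_version 3
binddn cn=member1,cn=memberserver,cn=computers,dc=example,dc=test
bindpw PLACEHOLDER-MACHINE-SECRET
#rootbinddn cn=admin,dc=example,dc=test
"""

def parse_directives(conf_text):
    """Return {directive: value} for active (non-comment) lines."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def audit(conf_text, conf_mode, secret_mode=None):
    """List findings about bind credentials kept on disk for NSS lookups.

    conf_mode / secret_mode are st_mode permission bits of the config file
    and of the separate secret file (None if that file does not exist).
    """
    directives = parse_directives(conf_text)
    findings = []
    for key in sorted(CRED_DIRECTIVES & directives.keys()):
        findings.append(f"stored-credential directive present: {key}")
    # An inline password is exposed to everyone who can read the config file.
    if "bindpw" in directives and conf_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw is in a group/world-readable file")
    # The secret file should be readable by its owner only.
    if secret_mode is not None and secret_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("secret file is accessible beyond owner")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, 0o644):
        print(finding)
```

On a real host, pass the file's text and `os.stat(path).st_mode` for each file; an empty result means no bind credentials are configured for NSS lookups in that file.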