NSS, PAM, and LDAP

In addition to the OpenLDAP packages, Community Enterprise Linux includes a package called nss_ldap, which enhances LDAP's ability to integrate into both Linux and other UNIX environments.

The nss_ldap package provides the following modules (where <version> refers to the version of libnss_ldap in use):

• /lib/libnss_ldap-<version>.so

• /lib/security/pam_ldap.so

The nss_ldap package provides the following modules for Itanium or AMD64 architectures:

• /lib64/libnss_ldap-<version>.so

• /lib64/security/pam_ldap.so

The libnss_ldap-<version>.so module allows applications to look up users, groups, hosts, and other information using an LDAP directory via the Nameservice Switch (NSS) interface of glibc. NSS allows applications to authenticate using LDAP in conjunction with the NIS name service and flat authentication files.

The pam_ldap module allows PAM-aware applications to authenticate users using information stored in an LDAP directory. PAM-aware applications include console login, POP and IMAP mail servers, and Samba. By deploying an LDAP server on a network, all of these applications can authenticate using the same user ID and password combination, greatly simplifying administration.

For more about configuring PAM, refer to "Pluggable Authentication Modules (PAM)" and the PAM man pages.