authenticate against two ldap databases with pam_ldap

by SebastianR

Hi,

I hope someone here can point me into the right direction.

I have two databases in an OpenLDAP server,
dc=intern and dc=extern. The different databases are
usually used to authenticate different users on
different hosts. However, now I have the problem that I
have one host where people of dc=external and some of
dc=internal need to be authenticated.

First I tried to define two hosts and added two base statements, but the
second base statement overwrote the first. So I guess this functionality is
only intended for two servers containing the same database, where the second
is used as a fallback in case the first LDAP server is unreachable.

Then I tried to define different URIs in /etc/ldap.conf like this:
uri ldap://ldap/dc=intern ldap://ldap/dc=extern
but that did not seem to work either.

Then I tried to create a second ldap.conf and configured
PAM for auth, session, password and account like this:

Then I added a second line in the PAM config like this:
auth    required        pam_env.so
auth    sufficient      pam_unix2.so
auth    sufficient      pam_ldap.so     use_first_pass
auth    required        pam_ldap.so     config=/etc/ldap-extern.conf use_first_pass

I'm not sure whether I mixed something up, as it seems the system
behaves differently depending on whether nscd is running or not. I'm on
openSUSE, and I'm not sure whether something was mixed up
when I first configured the LDAP client with YaST. This also seems
to modify /etc/openldap/ldap.conf, but as far as I understood, pam_ldap
should use /etc/ldap.conf.

Any hint is appreciated.

Kind regards
Sebastian
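Editor's note, added as an example and not part of the original post: the thread has no reply, so the configuration below is an illustration of how the two-suffix setup is usually wired with the PADL pam_ldap/nss_ldap pair that openSUSE shipped at the time, not a confirmed fix for Sebastian's host. It assumes the server is reachable as "ldap", that accounts live under ou=People in each suffix, and that the file names match those in the post. Two points it makes that the post only hints at: pam_ldap and nss_ldap read /etc/ldap.conf (the YaST-touched /etc/openldap/ldap.conf only configures the OpenLDAP client library, e.g. ldapsearch), and PAM authentication alone is not enough, because the user must also be resolvable through NSS, which is why behaviour changes when nscd's cache is in play.

```conf
# /etc/ldap.conf  -- read by pam_ldap and nss_ldap
# (assumed hostname "ldap" and ou=People; adjust to the real tree)
uri ldap://ldap/
base dc=intern
ldap_version 3

# Let NSS resolve users and groups from BOTH suffixes. nss_ldap accepts
# repeated nss_base_* lines and searches them in order, so a getpwnam()
# for an extern user succeeds even though "base" points at dc=intern.
nss_base_passwd ou=People,dc=intern?one
nss_base_passwd ou=People,dc=extern?one
nss_base_shadow ou=People,dc=intern?one
nss_base_shadow ou=People,dc=extern?one
nss_base_group  ou=Group,dc=intern?one
nss_base_group  ou=Group,dc=extern?one

# /etc/ldap-extern.conf  -- second client file, selected per module
# instance via the config= option of pam_ldap
uri ldap://ldap/
base dc=extern
ldap_version 3

# PAM stack for the service in question (auth and account shown;
# password and session follow the same sufficient/required pattern).
# Control flow: a hit in the first sufficient module ends the stack
# successfully; a miss is ignored and the next module is tried; the
# final "required" pam_ldap decides for users found in neither suffix.
auth     required   pam_env.so
auth     sufficient pam_unix2.so
auth     sufficient pam_ldap.so use_first_pass
auth     required   pam_ldap.so use_first_pass config=/etc/ldap-extern.conf

account  sufficient pam_unix2.so
account  sufficient pam_ldap.so
account  required   pam_ldap.so config=/etc/ldap-extern.conf
```

After editing /etc/ldap.conf, restart nscd (or invalidate its passwd and group caches) before testing, otherwise stale negative lookups make the result look unrelated to the PAM change. A quick check that NSS sees both trees is `getent passwd <intern-user>` and `getent passwd <extern-user>` with nscd stopped; only once both resolve is a PAM authentication failure worth debugging.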