David Parker <dpar...@utica.edu> wrote: > Well, crap. It turns out this isn't a problem. PAM is configured for > LDAP authentication and so it opens a connection each time I log in, > owned by my sshd process, even though it's not using LDAP > authentication for root. And the other LDAP queries I'm seeing are > being sent when users authenticate via sendmail. Case closed!
This is why you use libpam-ldapd (instead of libpam-ldap) in combination with libnss-ldapd (instead of libnss-ldap). Its design with a separate daemon (nslcd) doing the actual LDAP connection is far superior compared to the original lib*-ldap code. It also means that libldap itself is only mapped into the central server process and not into every process on the system. Grüße, Sven -- Sigmentation fault. Core dumped.
