Undocumented pam_ldap
LDAP documentation is some of the worst there is. Not general LDAP — that's pretty decent — but documentation for the specific open-source implementations.
For instance, the last time I wanted to do something interesting with ACLs in OpenLDAP, I had to guess at about half of it since the documentation was quite sparse.
I bring this up because today I was trying to convince the pam_ldap module to do what I wanted for SMTP AUTH. Specifically, I want it to authenticate using the mail attribute instead of the uid attribute. Mind you, I still want to use the uid attribute for almost everything else.
So, I went to the sources and discovered this amazing bit of code in pam_sm_authenticate:
    else if (!strncmp (argv[i], "config=", 7))
      configFile = argv[i] + 7;  /* skip the 7-character "config=" prefix; the rest is the path */
Which means your
auth required pam_ldap.so config=/etc/exim/pam_ldap.conf
You can use different
Now, why isn't this documented? I suspect it is because the people who develop the LDAP PAM module (PADL) have very little incentive to include really good documentation. The less they include, the more likely someone will pay for a licence and support. Still, I can write some documentation and see if they include it in the next release.
Update: I did find the following in
80 Luke Howard <lukeh@padl.com> * added support for configurable configuration files; you can now specify an alternate configuration file using the config= parameter in pam.conf. This patch was provided by scremer@dohle.com
But I shouldn't have to read the ChangeLog to find documentation for a feature.
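Because config= lets each PAM service point pam_ldap at its own file, it helps to know which services use an override, which login attribute that file selects, and whether the file is writable by anyone but its owner. The script below is an added example, not code from the original post or from pam_ldap. The exim and sshd service files, the ldap.example.org URI and the directory layout are constructed samples, and pam_login_attribute is the pam_ldap.conf setting that replaces the default uid.

```python
import os
import tempfile

def login_attribute(conf_path):
    """Return the pam_login_attribute set in a pam_ldap config (uid if unset)."""
    attr = "uid"
    with open(conf_path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if len(fields) >= 2 and fields[0].lower() == "pam_login_attribute":
                attr = fields[1]
    return attr

def audit(root):
    """List (service, config path, login attribute, group/world-writable) per pam_ldap.so line."""
    report = []
    pam_dir = os.path.join(root, "etc/pam.d")
    for service in sorted(os.listdir(pam_dir)):
        with open(os.path.join(pam_dir, service)) as fh:
            for line in fh:
                fields = line.split("#", 1)[0].split()
                if not any(f.endswith("pam_ldap.so") for f in fields):
                    continue
                cfg = next((f[len("config="):] for f in fields if f.startswith("config=")), None)
                if cfg is None:  # no override: the module reads its compiled-in default file
                    report.append((service, None, None, None))
                    continue
                path = os.path.join(root, cfg.lstrip("/"))
                loose = bool(os.stat(path).st_mode & 0o022)
                report.append((service, cfg, login_attribute(path), loose))
    return report

def build_sample(root):
    """Write constructed sample files under root (not taken from a real host)."""
    files = {
        "etc/pam.d/exim": "auth required pam_ldap.so config=/etc/exim/pam_ldap.conf\n",
        "etc/pam.d/sshd": "auth required pam_ldap.so\n",
        "etc/exim/pam_ldap.conf": "uri ldaps://ldap.example.org\n"
                                  "base dc=example,dc=org\n"
                                  "pam_login_attribute mail\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for row in audit(root):
            print(row)
```

Pass "/" as root to run audit against a live system; a True in the last column means the override file can be modified by group or other users, which would let them redirect that service's authentication.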