> What is the different between ldap password sync and unix password
> sync when I'm using nss_ldap?
The former connects to LDAP directly and uses the password extended
operation to change the value of userPassword.
The later is a chat/expect mechanism that can drive virtually any
password change mechanism (usually PAM I suspect).
The former method is certainly faster and more reliable.
The second method allows you more flexibility and the ability to support
things like Kerberos V migration, shadow password aging, etc...
> Both parameter seems serve same function.
Sort of.