5.x, LDAP and caching uid/gid data

Tony Shadwick tshadwick at goinet.com
Wed Jun 8 21:42:31 GMT 2005


On Wed, 8 Jun 2005, Charles Swiger wrote:

> On Jun 8, 2005, at 1:53 PM, Ben Hockenhull wrote:
>> There's no user information on the local system at all, so every operation
>> that requires UID/GID information had to do an LDAP lookup to get UID/GID
>> data.  So, for example, every piece of mail delivered means an LDAP lookup.
>> Ick.
>
> You really want to leave the standard system UIDs and GIDs in place, and use 
> LDAP (or NIS, etc) to augment them with the additional information about 
> network-wide users and groups.
>
>> Is there such a thing as nscd for FreeBSD, and if so, has anyone had
>> experience using it?  I found a lookupd utility that looks promising, but
>> I'm leery of implementing it in production as it seems like fairly untested
>> software.
>
> lookupd has been around for close to fifteen years, and has been used with 
> large user/group databases (50,000+ users).  More to the point, the PADL 
> stuff ought to play nicely with lookupd, since PADL came from the NEXTSTEP 
> and now MacOS X community where lookupd originated.
>
> I am not sure that lookupd has been used or tested or shaken down as much 
> with FreeBSD, so the integration with PAM may not be as mature as its usage 
> with the nss_ mechanism.
>
> However, if you really want nscd, I'd imagine that you ought to be able to 
> hunt that down from Sun now that the source code for Solaris 10 is openly 
> available...?
>
> -- 
> -Chuck

What about caching, as he asked originally?  If a laptop user "walks 
away" from the network where the LDAP or NIS server is located, will it 
cache auth info so the user can still get in?


More information about the freebsd-questions mailing list