Does anyone use nscd?
uqs at spoerlein.net
Fri Oct 7 13:22:01 UTC 2011
On Thu, 2011-10-06 at 00:44:10 -0500, Dan Nelson wrote:
> In the last episode (Oct 04), Trond Endrestol said:
> > On Tue, 4 Oct 2011 18:51+0200, Dag-Erling Smorgrav wrote:
> > > Trond Endrestol <Trond.Endrestol at fagskolen.gjovik.no> writes:
> > > > It's in daily use at Gjovik Technical College (Fagskolen i Gjovik),
> > > > here in Norway. Both the mail and web servers authenticates our users
> > > > by LDAP, and nscd certainly speeds up the lookups.
> > >
> > > OK. No trouble with clients dying of SIGPIPE? I could never reproduce
> > > the bug, but both users who reported problems used ldap, and I don't
> > > have an LDAP server to test against, so I thought it might be specific
> > > to LDAP.
> > Not in my (somewhat limited) experience.
> On a tangent, I also heavily recommend using the nss-pam-ldapd port instead
> of nss_ldap. It includes a daemon called nslcd which is the only process
> that links to the ldap libary. The nss module is a tiny plug that talks to
> nslcd using a simple protocol. It really reduces the socket count to your
> ldap server, and removes the potential namespace problems caused by
> dlopening libldap.so in every process.
Seconded, I had endless troubles with leaked domain sockets and
connection problems with nss_ldap and have found that only nss-pam-ldapd
+ nslcd will work somewhat reliably. Except it still manages to return
empty results to sendmail every once in a while (for local delivery).
More information about the freebsd-hackers