Does anyone use nscd?

Ulrich Spörlein uqs at
Fri Oct 7 13:22:01 UTC 2011

On Thu, 2011-10-06 at 00:44:10 -0500, Dan Nelson wrote:
> In the last episode (Oct 04), Trond Endrestol said:
> > On Tue, 4 Oct 2011 18:51+0200, Dag-Erling Smorgrav wrote:
> > > Trond Endrestol <Trond.Endrestol at> writes:
> > > > It's in daily use at Gjovik Technical College (Fagskolen i Gjovik),
> > > > here in Norway.  Both the mail and web servers authenticates our users
> > > > by LDAP, and nscd certainly speeds up the lookups.
> > > 
> > > OK.  No trouble with clients dying of SIGPIPE?  I could never reproduce
> > > the bug, but both users who reported problems used ldap, and I don't
> > > have an LDAP server to test against, so I thought it might be specific
> > > to LDAP.
> > 
> > Not in my (somewhat limited) experience.
> On a tangent, I also heavily recommend using the nss-pam-ldapd port instead
> of nss_ldap.  It includes a daemon called nslcd which is the only process
> that links to the ldap libary.  The nss module is a tiny plug that talks to
> nslcd using a simple protocol.  It really reduces the socket count to your
> ldap server, and removes the potential namespace problems caused by
> dlopening in every process.

Seconded, I had endless troubles with leaked domain sockets and
connection problems with nss_ldap and have found that only nss-pam-ldapd
+ nslcd will work somewhat reliably. Except it still manages to return
empty results to sendmail every once in a while (for local delivery).


More information about the freebsd-hackers mailing list