From owner-freebsd-hackers@FreeBSD.ORG Fri Oct 7 13:22:01 2011 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DEEF81065670 for ; Fri, 7 Oct 2011 13:22:01 +0000 (UTC) (envelope-from uqs@spoerlein.net) Received: from acme.spoerlein.net (acme.spoerlein.net [IPv6:2a01:4f8:131:23c2::1]) by mx1.freebsd.org (Postfix) with ESMTP id 6F6058FC13 for ; Fri, 7 Oct 2011 13:22:01 +0000 (UTC) Received: from localhost (acme.spoerlein.net [IPv6:2a01:4f8:131:23c2::1]) by acme.spoerlein.net (8.14.4/8.14.4) with ESMTP id p97DKI3a080708 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 7 Oct 2011 15:20:19 +0200 (CEST) (envelope-from uqs@spoerlein.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=spoerlein.net; s=dkim200908; t=1317993619; bh=t5BYcygxA/DHtthPOa80AJ2DneS9gVdhz7yHcLTZvsI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=XyvcyskJCyDyg8m3pWhoPs7DaapPj3bQj/1+NzIPYHjZzcJ5ZaceFGZuni1niSw41 t+KGXBpeglI/r0i/Po5OZJB++jB2n6mibTPAYgwB6tPrKa5balyjuy0ZnI9+hJkGvP jRzAQEoFGqRP0NKt1zFy2zNCGJiOy+5P/qF8s/hA= Date: Fri, 7 Oct 2011 15:20:18 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= To: Dan Nelson Message-ID: <20111007132017.GI26743@acme.spoerlein.net> Mail-Followup-To: Dan Nelson , Trond Endrestol , Dag-Erling Smorgrav , hackers@freebsd.org References: <86sjn84wco.fsf@ds4.des.no> <86obxw4s4w.fsf@ds4.des.no> <20111006054409.GS9801@dan.emsphone.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20111006054409.GS9801@dan.emsphone.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Dag-Erling Smorgrav , hackers@freebsd.org, Trond Endrestol Subject: Re: Does anyone use nscd? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2011 13:22:01 -0000 On Thu, 2011-10-06 at 00:44:10 -0500, Dan Nelson wrote: > In the last episode (Oct 04), Trond Endrestol said: > > On Tue, 4 Oct 2011 18:51+0200, Dag-Erling Smorgrav wrote: > > > Trond Endrestol writes: > > > > It's in daily use at Gjovik Technical College (Fagskolen i Gjovik), > > > > here in Norway. Both the mail and web servers authenticates our users > > > > by LDAP, and nscd certainly speeds up the lookups. > > > > > > OK. No trouble with clients dying of SIGPIPE? I could never reproduce > > > the bug, but both users who reported problems used ldap, and I don't > > > have an LDAP server to test against, so I thought it might be specific > > > to LDAP. > > > > Not in my (somewhat limited) experience. > > On a tangent, I also heavily recommend using the nss-pam-ldapd port instead > of nss_ldap. It includes a daemon called nslcd which is the only process > that links to the ldap libary. The nss module is a tiny plug that talks to > nslcd using a simple protocol. It really reduces the socket count to your > ldap server, and removes the potential namespace problems caused by > dlopening libldap.so in every process. Seconded, I had endless troubles with leaked domain sockets and connection problems with nss_ldap and have found that only nss-pam-ldapd + nslcd will work somewhat reliably. Except it still manages to return empty results to sendmail every once in a while (for local delivery). Uli