Date: Fri, 7 Oct 2011 15:20:18 +0200 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= <uqs@spoerlein.net> To: Dan Nelson <dnelson@allantgroup.com> Cc: Dag-Erling Smorgrav <des@des.no>, hackers@freebsd.org, Trond Endrestol <Trond.Endrestol@fagskolen.gjovik.no> Subject: Re: Does anyone use nscd? Message-ID: <20111007132017.GI26743@acme.spoerlein.net> In-Reply-To: <20111006054409.GS9801@dan.emsphone.com> References: <86sjn84wco.fsf@ds4.des.no> <alpine.BSF.2.00.1110041800290.18373@mail.fig.ol.no> <86obxw4s4w.fsf@ds4.des.no> <alpine.BSF.2.00.1110042050500.18373@mail.fig.ol.no> <20111006054409.GS9801@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2011-10-06 at 00:44:10 -0500, Dan Nelson wrote: > In the last episode (Oct 04), Trond Endrestol said: > > On Tue, 4 Oct 2011 18:51+0200, Dag-Erling Smorgrav wrote: > > > Trond Endrestol <Trond.Endrestol@fagskolen.gjovik.no> writes: > > > > It's in daily use at Gjovik Technical College (Fagskolen i Gjovik), > > > > here in Norway. Both the mail and web servers authenticates our users > > > > by LDAP, and nscd certainly speeds up the lookups. > > > > > > OK. No trouble with clients dying of SIGPIPE? I could never reproduce > > > the bug, but both users who reported problems used ldap, and I don't > > > have an LDAP server to test against, so I thought it might be specific > > > to LDAP. > > > > Not in my (somewhat limited) experience. > > On a tangent, I also heavily recommend using the nss-pam-ldapd port instead > of nss_ldap. It includes a daemon called nslcd which is the only process > that links to the ldap libary. The nss module is a tiny plug that talks to > nslcd using a simple protocol. It really reduces the socket count to your > ldap server, and removes the potential namespace problems caused by > dlopening libldap.so in every process. Seconded, I had endless troubles with leaked domain sockets and connection problems with nss_ldap and have found that only nss-pam-ldapd + nslcd will work somewhat reliably. Except it still manages to return empty results to sendmail every once in a while (for local delivery). Uli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111007132017.GI26743>