From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  8 17:53:38 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D14D016A41C
	for <freebsd-questions@freebsd.org>;
	Wed,  8 Jun 2005 17:53:38 +0000 (GMT) (envelope-from benh@jpj.net)
Received: from blues.jpj.net (blues.jpj.net [208.210.80.156])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 738DF43D58
	for <freebsd-questions@freebsd.org>;
	Wed,  8 Jun 2005 17:53:38 +0000 (GMT) (envelope-from benh@jpj.net)
Received: from [192.168.11.10] (xlate-7-254.webster.edu [198.246.7.254])
	by blues.jpj.net (8.12.9p2/8.12.9) with ESMTP id j58HrxLb000830
	for <freebsd-questions@freebsd.org>;
	Wed, 8 Jun 2005 13:53:59 -0400 (EDT) (envelope-from benh@jpj.net)
X-Sender: benh@blues.jpj.net
Message-Id: <v0310280cbeccdb8867d8@[192.168.11.10]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 8 Jun 2005 12:53:31 -0500
To: freebsd-questions@freebsd.org
From: Ben Hockenhull <benh@jpj.net>
X-Scanned-By: MIMEDefang 2.51 on 208.210.80.156
Subject: 5.x, LDAP and caching uid/gid data
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2005 17:53:38 -0000

We're in the midst of implementing a couple of FreeBSD servers, each
containing about 5k users, with authentication against LDAP.  We're using
PADL's nss_ldap and pam_ldap modules, and while things work well, I'm
looking for ways to improve performance and reduce active queries against
LDAP.

There's no user information on the local system at all, so every operation
that requires UID/GID information had to do an LDAP lookup to get UID/GID
data.  So, for example, every piece of mail delivered means an LDAP lookup.
Ick.

Is there such a thing as nscd for FreeBSD, and if so, has anyone had
experience using it?  I found a lookupd utility that looks promising, but
I'm leery of implementing it in production as it seems like fairly untested
software.

Failing nscd or a similar thing, are there other ways I can cache this
infomration or otherwise improve performance?

Thanks.

Ben