5.x, LDAP and caching uid/gid data
Tony Shadwick
tshadwick at goinet.com
Wed Jun 8 18:24:41 GMT 2005
Hmm....
Just based on my past experiences with NIS (working on learning LDAP as
we speak), one would normally have SOME local user data.
For example, a local sendmail user, a local root user, if you're running a
MySQL daemon locally, you'd have a local mysql user.
I think? Someone could correct me if I'm wrong here, but I see little
benefit from having the smmsp user being in ldap and not local to the
machine. Feel free to prove me wrong on this though. :)
I'd still be interested in hearing about ldap caching, as it relates to me
my earlier question about laptop users and centralized auth.
On Wed, 8 Jun 2005, Ben Hockenhull wrote:
> We're in the midst of implementing a couple of FreeBSD servers, each
> containing about 5k users, with authentication against LDAP. We're using
> PADL's nss_ldap and pam_ldap modules, and while things work well, I'm
> looking for ways to improve performance and reduce active queries against
> LDAP.
>
> There's no user information on the local system at all, so every operation
> that requires UID/GID information had to do an LDAP lookup to get UID/GID
> data. So, for example, every piece of mail delivered means an LDAP lookup.
> Ick.
>
> Is there such a thing as nscd for FreeBSD, and if so, has anyone had
> experience using it? I found a lookupd utility that looks promising, but
> I'm leery of implementing it in production as it seems like fairly untested
> software.
>
> Failing nscd or a similar thing, are there other ways I can cache this
> information or otherwise improve performance?
>
> Thanks.
>
> Ben
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>