
LDAP-nss - was unwanted loading of libnss_nis.so in etch



On Monday 19 February 2007 02:52, Petter Reinholdtsen <pere@hungry.com> wrote:
> > Can't you change the timeout? According to the comment in my
> > libnss-ldap you can:
>
> Sure.  But reducing it to a value where it is usable would render the
> timeout useless.  It would have to be <5 seconds, and that is almost
> equivalent to connecting to all the servers at once and picking the
> quickest responder.  I would rather have a system where all the
> available LDAP servers are tested regularly, and the
> best/quickest/available ldap server is used by nss_ldap when a program
> requests nss info.  Like ypbind is doing today, checking NIS servers
> every 15 minutes or when a client reports connection problems, and thus
> making sure a client survives network splits as long as at least one
> NIS server is available.

I have been thinking about this for a while.  The only option that has 
occurred to me which seems viable is to have some sort of LDAP proxy which 
knows a reasonably fast server and keeps sending requests to it.  It could 
even have a connection kept open all the time for fast response.  Of course 
if proxying such data then the next obvious thing to do is to cache it as 
well.

NSCD is designed as a proxy/cache for account data.  Could NSCD do this?

Of course you still have lookups from PAM and from applications that do LDAP 
queries so having an LDAP cache on localhost will still provide some 
benefits.

-- 
russell@coker.com.au
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
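
The ypbind-style selection discussed in this thread (probe all servers on an interval or when a client reports a failure, then serve lookups from the cached quickest responder), sketched as an added example that is not code from the thread, nss_ldap or nscd. The names ServerSelector and tcp_probe and the ldapN.example.org hosts are hypothetical; the 900-second default mirrors the 15 minutes mentioned above.

```python
import socket
import time

def tcp_probe(host, port, timeout):
    """Return TCP connect latency in seconds, or None if unreachable."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None

class ServerSelector:
    """Cache the quickest reachable server; re-probe on a timer or on failure."""

    def __init__(self, servers, probe=tcp_probe, interval=900, timeout=2.0,
                 clock=time.monotonic):
        self.servers = list(servers)          # [(host, port), ...]
        self.probe, self.interval = probe, interval
        self.timeout, self.clock = timeout, clock
        self.best, self.checked_at = None, None

    def refresh(self):
        # The slow part: a daemon would run this off the lookup path.
        results = []
        for host, port in self.servers:
            latency = self.probe(host, port, self.timeout)
            if latency is not None:
                results.append((latency, (host, port)))
        self.best = min(results)[1] if results else None
        self.checked_at = self.clock()
        return self.best

    def current(self):
        # Lookups use the cached choice and never wait on a dead server.
        stale = (self.checked_at is None
                 or self.clock() - self.checked_at >= self.interval)
        return self.refresh() if stale else self.best

    def report_failure(self, server):
        # A client saw the chosen server fail: re-probe now, not in 15 minutes.
        return self.refresh() if server == self.best else self.best

if __name__ == "__main__":
    # Constructed latencies stand in for real servers so this runs offline.
    fake = {"ldap1.example.org": 0.30, "ldap2.example.org": 0.02}
    sel = ServerSelector([(h, 389) for h in fake],
                         probe=lambda h, p, t: fake[h])
    print(sel.current())
```
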


