[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Optimizing OpenLDAP pam authentication (it's very slow)

Thus spake C.Lee Taylor ( Scania SA ):

>     I use RedHat 7.1 which, somewhere in the doc's, explains that using nscd
> ( which I think is Nis Server Cache Daemon ). might make things a little
> quicker, or am I missing something ...

A warning against using NSCD: It does indeed help reduce load on the
LDAP server and makes local mappings faster, but I've also had problems
with it causing the machine to hang.  The problem seems to be triggered
by shutting the LDAP server down while nscd is performing a look-up.
nscd gets hung, the open() on the UNIX domain socket works, but nscd
will never respond and so the system will either hang or time-out (been a
while, don't remember which).  I saw this with glibc 2.1 and 2.2.1 systems
(RH 6.2 & 7.0); I don't know if it's been fixed with 7.1 and glibc 2.2.3.

W. Reilly Cooley                           wcooley@nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
LNXS: Get 0.2.0-devel at http://sourceforge.net/projects/lnxs/
irc.openprojects.net                                     #lnxs

It is now quite lawful for a Catholic woman to avoid pregnancy by a resort to
mathematics, though she is still forbidden to resort to physics and chemistry.
		-- H.L. Mencken

Attachment: pgp8kY9nFoE0S.pgp
Description: PGP signature