On 22/08/12 19:04, Darek M wrote: > On Mon, Aug 20, 2012 at 12:09 PM, steve <[email protected]> wrote: >> >> Hi >> I don't know whether caching is the clue here but we ditched nss-ldap in >> favour of nss-pam-ldapd. It's faster all around and has a good caching >> system, nslcd. The switchover from one to the other is really easy and >> may be worth a try. > > nss-pam-ldapd seems promising. It already halved the login time with > the system offline, and doing an 'ls -l' on files owned by an LDAP > user results in only a couple of seconds delay, whereas it hung for a > while with nss-ldap. I also like the ignore users option. I'll play > around with this. Thanks! >
No problem. Just remembered a gotcha. If you are doing any debugging or experimenting, or e.g. user uidNumber:gidNumber doesn't update when you change it in LDAP, I'd recommend turning off nscd. Cheers, Steve ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
