Adam Tauno Williams wrote:
I'm looking for hints about switching user authentication to LDAP.
(We're using NIS up to now.) The LDAP server will be SLES, the
clients are a variety of SUSE Linux systems, in different versions,
and other Unix hosts.
I think that nscd should run on the clients, as LDAP has a rather
high latency, compared to NIS, and that would provide cached access
to passwd map entries. Can anybody confirm this or tell me anything
about performance issues?
nscd is OK for workstations; but busy servers are best off having their
own replicant. In many ways, nscd sucks.
Thanks for your other comments, they're well taken. But I want to
take up this topic for another round. ;-)
When I understand you correctly, you put an LDAP slave server with
slurpd on each busy server? Is that overhead really needed?
I wouldn't have thought that servers do access uid->name mappings so
often; most of the time their software's functionality only depends
on numeric uids, doesn't it?
I thought since TCP connection setup and teardown is much more
expensive than UDP (NIS) or sockets (nscd), that LDAP might have
performance problems here in interactive environments, when lots of
people do ls -l or so. Now you tell me that this is a problem for
unattended server operation as well. That means I have to
investigate our usage pattern. Hmm, maybe I should wireshark our NIS
traffic and see what happens there.
Could you please share more of your experience? Does a server really
use passwd and group lookups so often?
Joachim
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
