I cannot comment on idmap_rid approach because I am currently using idmap_ldap. I have had a wonderful experience with this setup. Also on all the clients I am running nscd and I have had no troubles.
If nscd ever gives you trouble all you have to do is invalidate the cache in question. Rather than shutting down nscd you can simpley do nscd -i passwd to flush the users cache. I must warn you that the idmap_ldap setup is horribly unstable on RHEL3.xand CentOS 3.x. Winbind dies periodically. However on CentOS4/RHEL4 and SLEL 9.3 it is very stable. I am also running Gentoo clients and it is very stable on that too. By the way initially I did all my testing without nscd. I only started to use nscd when I noticed the increased load on ldap server and slow response. On 12/16/05, Simo Sorce <[EMAIL PROTECTED]> wrote: > > On Fri, 2005-12-16 at 12:33 +0100, Michael Gasch wrote: > > it has always been mentioned, that idmap_rid is the better backend in > > large organizations > > Sorry ? > > I do not think idmap_rid is good for v. large organization. > Probably the best bet is idmap_ldap. > > Nscd is ok as long as you know it's downsides. For example on the PDC it > is necessary to shut it down while adding or modifying users, and it may > be a problem on member servers as it caches both positive _and_ negative > lookups. > > Simo. > > -- > Simo Sorce - [EMAIL PROTECTED] > Samba Team - http://www.samba.org > Italian Site - http://samba.xsec.it > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- "Knowledge is the only wealth that grows as you spend it, and diminishes as you save it." -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
