Understanding nscd and caching

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Matt Hughes <hughes.matt [at] gmail.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Understanding nscd and caching
Date: Wed, 24 Sep 2014 12:26:42 -0400

I’m running nslcd with the latest 0.9.4 release. I’m trying to add caching support so I don’t hit my LDAP server with multiple requests from the same user.

At first I thought the new ‘cache’ config option would help, but it doesn’t appear to cache everything. I then turned on nscd, but I don’t see nslcd making requests to the nscd. Has anyone here set this up? Sample config?

nscd.conf:

    enable-cache        passwd      yes
    positive-time-to-live   passwd      600
    negative-time-to-live   passwd      20
    suggested-size      passwd      211
    check-files     passwd      yes
    persistent      passwd      yes
    shared          passwd      yes
    max-db-size     passwd      33554432
    auto-propagate      passwd      yes

nsswitch.conf:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

nslcd.conf:

uid nslcd
gid ldap

log /var/log/nslcd.debug.log debug

# The LDAP version to use
ldap_version 3

scope sub
pagesize 1000
referrals off
idle_timelimit 800

# The two lines below describes how it should be searched in AD for a user and for a group
filter passwd (objectClass=user)
filter group  (objectClass=group)

# The lines below describe the mapping of Posix attributes to their analogs in AD
map passwd uid sAMAccountName
map passwd homeDirectory "/home/$sAMAccountName"
map    passwd uidNumber     objectSid:S-1-5-21-2052111302-448539723-1801674531
map    passwd gidNumber     objectSid:S-1-5-21-2052111302-448539723-1801674531
map    passwd gecos         displayName
map    passwd loginShell    "/bin/bash"
map    group gidNumber      objectSid:S-1-5-21-2052111302-448539723-1801674531

# ignore case of the search
ignorecase yes

# Secure Socket Layer, yes we do!
ssl on
tls_cacertdir /etc/ssl/certs
tls_reqcert never

cache dn2uid 5m

I did compile nss-pam-ldap with --enable-debug but don’t see any output at the log file specified.

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Understanding nscd and caching, Matt Hughes

Re: Understanding nscd and caching, Arthur de Jong
- Re: Understanding nscd and caching, Matt Hughes
  - Re: Understanding nscd and caching, Trent W. Buck
Re: Understanding nscd and caching, Trent W. Buck

Prev by Date: Re: [PATCH] don't log "No such object" errors when a user is not found
Next by Date: Re: Understanding nscd and caching
Previous by thread: Re: Problem on Centos 7 - segfault in libc
Next by thread: Re: Understanding nscd and caching