Re: LDAP "I have no name!"

Re: LDAP "I have no name!" wrote:
> Once I got LDAP authentication working,
> I noticed that the command prompt and whoami returned "I have no name!".
> I resolved this by installing/configuring nscd.
> I saw that Debian has unscd.
> However, I was wondering if there was alternative to running a daemon?

u/nscd just do caching.

In theory, you shouldn't ever get different results from them.

In practice, you can - for example,

  - PADL nss-ldap ran in-process (cf. nslcd),
    so setuid processes like sudo & ping can get confused.
    Because nscd moves some queries to a non-setuid proc,
    it "fixes" them.

  - u/nscd can show old data;
    the system might work for a while after you broke LDAP,
    or stay broken for a while after you fix LDAP.

> If a caching daemon is needed,
> is nscd or unscd more desirable?
> I've read pros/cons for each.

My anecdotal evidence is that nscd causes problems,
and unscd does not cause problems.

I found it indispensable with samba4 AD, which does no caching at all.
e.g. "find /srv -nouser" time went from weeks to minutes.

The improvement I saw adding unscd to nslcd was far less noticeable --
IIRC it reduced the amount of traffic to the LDAP server by a factor
of ten.

If you can get to this ML's archives,
look at <20140926011135.GA2148@frey> thread for some notes I made at the time.
