Re: LDAP "I have no name!"
- From: "Trent W. Buck" <twb-nss-pam-ldapd-users [at] cyber.com.au>
- To: rdkehn [at] yahoo.com
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: LDAP "I have no name!"
- Date: Tue, 19 May 2015 11:24:20 +1000
rdkehn@yahoo.com wrote:
> Once I got LDAP authentication working,
> I noticed that the command prompt and whoami returned "I have no name!".
> I resolved this by installing/configuring nscd.
> I saw that Debian has unscd.
> However, I was wondering if there was an alternative to running a daemon?
u/nscd just do caching.
In theory, you shouldn't ever get different results from them.
In practice, you can - for example,
- PADL nss-ldap ran in-process (cf. nslcd),
so setuid processes like sudo & ping can get confused.
Because nscd moves some queries to a non-setuid proc,
it "fixes" them.
- u/nscd can show old data;
the system might work for a while after you broke LDAP,
or stay broken for a while after you fix LDAP.
> If a caching daemon is needed,
> is nscd or unscd more desirable?
> I've read pros/cons for each.
My anecdotal evidence is that nscd causes problems,
and unscd does not cause problems.
I found it indispensable with samba4 AD, which does no caching at all.
e.g. "find /srv -nouser" time went from weeks to minutes.
The improvement I saw adding unscd to nslcd was far less noticeable --
IIRC it reduced the amount of traffic to the LDAP server by a factor
of ten.
If you can get to this ML's archives,
look at <20140926011135.GA2148@frey> thread for some notes I made at the time.