Re: nslcd and nscd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: nslcd and nscd
- From: twb-nss-pam-ldapd-users [at] cyber.com.au
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: nslcd and nscd
- Date: Fri, 4 Mar 2016 12:31:36 +1100
Arnau wrote:
> In our environment a "group all" query takes minutes (cause we use nested
> groups and we have a huge list of groups), so I'm wondering if there is a
> way to tell nslcd to pass that query to nscd (in other words, why is
> group=(all) not being served by nscd?)
Arnau, have you looked at nscd.conf?
That allows you to configure what is cached, and for how long.
[Nitpicking follows, you can ignore it.]
Arthur de Jong wrote:
> I think neither classic nscd or unscd can cache (all) queries due to
> their nature. I think they always fall back to the NSS backend (though
> there could be some aggressive caching options that could help).
From the unscd source (http://busybox.net/~vda/unscd/),
it doesn't support GETAI, INITGROUPS, GETSTAT.
The debian unscd package's nscd.conf claims:
# Currently supported cache names (services): passwd, group, hosts
Which means things like "getent services ssh" and "getent protocols tcp" aren't
cached.
I doubt this matters for real world cases.
I am not sure if this applies to glibc's nscd,
which is what Arnau is running.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
