Re: Overhead if we have single nsswitch.conf for ldap/linux users
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Overhead if we have single nsswitch.conf for ldap/linux users
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Raviteja Bailapudi <rbailapu [at] in.ibm.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Overhead if we have single nsswitch.conf for ldap/linux users
- Date: Mon, 08 Apr 2019 23:17:37 +0200
On Mon, 2019-04-08 at 08:44 +0000, Raviteja Bailapudi wrote:
> In our setup we support both local(pam_linux) and ldap
> authentication, As part of this configuration we have to make
> changesin the nsswitch file to include the ldap for passwd,groups and
> shadow module.
>
> Do you see any overhead of keeping both modules in the nsswitch file
> even if the ldap service is disabled?
If you don't have libnss-ldapd (the NSS module) installed and have ldap
lines in /etc/nsswitch.conf you should only have a very minor
performance hit. The only thing that will happen is that for name
lookups the application will try to load libnss_ldap.so.2 which it will
not find.
If libnss_ldap.so.2 is found but nslcd is running everything should
also happen pretty quickly (because the socket to connect to nslcd will
be absent).
For most scenarios this should not be any impact and using nscd will
reduce the impact further. Only if you are doing high volume name
lookups could this be an issue (but you wouldn't use LDAP in that case
anyway).
Hope this helps,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/