Re: [nssldap] release 0.2 of nss-ldapd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] release 0.2 of nss-ldapd
- From: Arthur de Jong <arthur [at] ch.tudelft.nl>
- To: nssldap [at] padl.com
- Subject: Re: [nssldap] release 0.2 of nss-ldapd
- Date: Tue, 12 Jun 2007 09:39:53 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After reading your docs a bit...
Question: What is the benefit of using your nss-ldapd over the normal
padl software with nscd running?
The most immediate problem that was solved for me was that hostname
lookups with the existing scheme did not work due to locking issues (this
was the reason my employer was also willing to put some time in it).
http://bugs.debian.org/340601
http://bugs.debian.org/218958
http://bugs.debian.org/343151
http://bugs.debian.org/359713
The other reason was that there are a number of issues when using nss_ldap
during boot. Especially udev triggers some problems:
http://bugs.debian.org/412328
http://bugs.debian.org/375215
http://bugs.debian.org/375077
For the most part this is related to the fact that OpenSSL is not really
fit for use in an unknown environment. Problems may arise when you are
using OpenSSL in a program but also doing name lookups with nss_ldap.
Threading complicates matters even more.
So in short, the biggest benefits are that nss-ldapd makes hostname
lookups through LDAP work and speeds up namelookup failures if the LDAP
server is not (yet) available (because the daemon part is started after
the LDAP server is available).
You will still need nscd for the caching part though.
- --
- -- arthur - arthur@ch.tudelft.nl - http://ch.tudelft.nl/~arthur --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGbk3MdW9ORzoziHIRAodFAKCVZLZcvil3pz5IzKCzO1LtPSECiACfWvtk
Sw4AjIlEAc+B34gvvaouEuw=
=jd09
-----END PGP SIGNATURE-----