Re: [nssldap] release 0.2 of nss-ldapd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] release 0.2 of nss-ldapd
- From: Ralf Haferkamp <rhafer [at] suse.de>
- To: nssldap [at] padl.com
- Cc: Arthur de Jong <arthur [at] ch.tudelft.nl>
- Subject: Re: [nssldap] release 0.2 of nss-ldapd
- Date: Mon, 18 Jun 2007 15:29:15 +0200
On Tuesday 12 June 2007 09:39, Arthur de Jong wrote:
> > After reading your docs a bit...
> > Question: What is the benefit of using your nss-ldapd over the normal
> > padl software with nscd running?
[..]
> So in short, the biggest benefits are that nss-ldapd makes hostname
> lookups through LDAP work and speeds up namelookup failures if the LDAP
> server is not (yet) available (because the daemon part is started after
> the LDAP server is available).
There are some other advantages I can see from having a daemonized nss_ldap.
Those are e.g.:
- No more symbol clashes when an application that uses nss_ldap is linked
agains a different LDAP or SSL library (e.g. Thunderbird is a prominent
example which normally uses the Mozilla LDAP libraries.). A work around for
this is to link nss_ldap statically, but this creates a maintenance
nightmare.
- Clients using nss_ldap will really only have one connection open to the LDAP
Server. Now, even if using nscd, most of the time every client has multiple
LDAP connection opened. (udevd being an example, because it is usually
started before nscd. Or all binaries using any of the getXXent() calls, cause
those are not handled by nscd).
- Additionally it might get easier to setup some features using a daemonized
nss_ldap. (e.g. currently using nss_ldap in a kerberized enviroment is a bit
of a hazzle)
- Some interesting new feature could be added. E.g. offline support in
nss_ldap. (For that of course a caching feature would need to be added to
nss_ldap)
Note: Some of the above stuff could also get realized by setting up a local
instance of the OpenLDAP server as a caching proxy (having nss_ldap talking
to it via LDAPI), but I still like the idea of a daemonized nss_ldap very
much.
BTW, would the longterm goal of your project be to have this stuff somehow
integrated into the PADL code, or don't you see that happening?
> You will still need nscd for the caching part though.
--
regards,
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com