lists.arthurdejong.org
RSS feed

Re: [nssldap] nss-ldap timeouts when used with nscd and gnutls

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [nssldap] nss-ldap timeouts when used with nscd and gnutls





Arthur de Jong wrote:
On Tue, 2009-04-21 at 15:22 -0500, Douglas E. Engert wrote:
Your analysis makes sense to me. But at the moment I'm no longer interested in nss-ldap since nss-ldapd ( + slapd nssov) works better
and offers easier administration.
Sounds interesting, but we are trying to stick with what is offered by
Ubuntu.

FWIW some releases of Ubuntu have nss-ldapd (libnss-ldapd) but I would
avoid version 0.5. The 0.6.7 release is known to work quite well and is
included in Debian stable. There is however no packaged version of the
nssov in slapd as far as I know (but you can use nss-ldapd without it).

Thanks, we will have to look at that.

I did see in the archives that Howard Wilkinson on Dec 9, 2008
"Mega patch against nss_ldap 264" said:

"My intention with this is to make the critical path through the code run
 the minimal code when a connection to the LDAP server exists, make
 recovery on failure more resilient, and provide for multiple SASL mechs
 without need to alter the ldap-nss code."

If it handles the cases where do_result fails, and timeout and connection
errors reconnect to any server that may fix the issue I have seen.


Since we're working hard on a PAM module (actually Howard Chu is doing
all the hard work at the moment) as a side effect we may also make it
more easily possible to use the nss-ldapd NSS module together with a
packaged slapd-nssov package (if such a package would be made).

(it's a bit awkward to post a more or less nss-ldapd promotional message
on the nss_ldap list)


--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444