[nssldap] Re: disconnected nss_ldap

["Brian J. Murrell" <brian [at] interlinx.bc.ca>]

On Sat, 2009-10-24 at 00:09 -0400, Ryan Lynch wrote:
> 
> Do you know about NSCD (the Name Service Caching Daemon)?

Wow.  I'm trying really hard not to be rude here, but did you bother to
read my original posting?  I will quote here for you what I said about
NSCD:

> > I realize that caching is what is needed here and I have looked into
> > nscd for this, using it's persistent storage feature, but it just
> > doesn't seem to be thought out well enough from the temporarily
> > disconnected use-case.  It seems that nscd needs two timeouts.  One
> > at which it will try to refresh a stale entry and a second at which
> > it will expire a stale entry.  Reasonable times for the two would be
> > something on the order of 10 minutes and 30 days, respectively.

> It's built
> to handle this kind of thing,

Not really, it seems.  In practise anyway.  I have tried the recommended
"reload-count = unlimited" but as reported by another, it doesn't seem
to entirely solve the problem.  See
http://sourceware.org/bugzilla/show_bug.cgi?id=2132 for details.

The digested summary is that the above option does not appear to prevent
entries from being expired from the cache when the timeout is set
reasonably low (like several minutes).  Setting the timeout to some
god-awful huge value, like 30 days leads to nscd having stale data, even
when connected to the network.  Hence the proposal for two timeouts in
my original posting as well as in the above mentioned bug.

Do you actually use NSCD to solve this?  I'd be interested in your
experience (off-line as this is pretty OT for this list) as popular
experience with a proper configuration seems to be that it doesn't work.

b.