On Thu, 2011-10-06 at 00:44:10 -0500, Dan Nelson wrote: > In the last episode (Oct 04), Trond Endrestol said: > > On Tue, 4 Oct 2011 18:51+0200, Dag-Erling Smorgrav wrote: > > > Trond Endrestol <trond.endres...@fagskolen.gjovik.no> writes: > > > > It's in daily use at Gjovik Technical College (Fagskolen i Gjovik), > > > > here in Norway. Both the mail and web servers authenticates our users > > > > by LDAP, and nscd certainly speeds up the lookups. > > > > > > OK. No trouble with clients dying of SIGPIPE? I could never reproduce > > > the bug, but both users who reported problems used ldap, and I don't > > > have an LDAP server to test against, so I thought it might be specific > > > to LDAP. > > > > Not in my (somewhat limited) experience. > > On a tangent, I also heavily recommend using the nss-pam-ldapd port instead > of nss_ldap. It includes a daemon called nslcd which is the only process > that links to the ldap libary. The nss module is a tiny plug that talks to > nslcd using a simple protocol. It really reduces the socket count to your > ldap server, and removes the potential namespace problems caused by > dlopening libldap.so in every process.
Seconded, I had endless troubles with leaked domain sockets and connection problems with nss_ldap and have found that only nss-pam-ldapd + nslcd will work somewhat reliably. Except it still manages to return empty results to sendmail every once in a while (for local delivery). Uli _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
