Neil Dunbar wrote:
On 4 Mar 2010, at 10:03, Ryan Steele wrote:
Howard Chu wrote:
Ryan Steele wrote:
Hey folks,
In order to provide stability to my OpenLDAP clients in the event of a network outage, I would like to implement some client-side caching. I've done some research, and have concluded that nscd is evil and should be avoided at all costs,
It's not necesarily evil, it just doesn't work...
Damn straight it doesn't work. I end up shooting it in the face wherever I can. For some reason, SLES seems to be particularly good at breaking things, IME. Debian/Ubuntu and RHEL/CentOS seem to be more forgiving - slightly.
Anyway - I've also been hacking out a caching proxy config for our enterprise directory, so for what it's worth, this is it. It's by no means optimised - so feel free to hack it to pieces.
And while nssov is really cute, since it exists in the same process space as slapd, it doesn't end up triggering the pcache, which does gets fired upon incoming LDAP requests from an external process (nslcd). It's probably that I just suck, and didn't configure slapd quite right, but that's why I ended up still using nslcd and slapd on the same box.
Hm, you probably have them configured in the wrong order. I specifically designed nssov and pcache to work together, and they do.
On the plus side, this works quite well for laptop configurations which have partial connectivity. Mind you, when I mentioned having enterprise credentialing on personal laptops to my colleagues, the response was ... less than enthusiastic.