On Thu, Jun 21, 2012 at 08:36:30AM +0200, Martin Schuster (IFKL IT OS DS CD) wrote:
service nscd restart
This won't help if nscd is configured to store its cache on disk ("persistent").
It's usually better to use nscd -i passwd -i, --invalidate=TABLE Invalidate the specified cache
Good point.
Or, even better: While trying to configure and/or debug the nameservice, stop nscd completely :)
Agreed, but there are some cases where that actually breaks the nameservice entirely :-( The problem cases are where the relevant ldap.conf file contains a DN and password for access to the LDAP service and has therefore been made readable only by root. With nscd running all LDAP access is done by the nscd process which runs as root so it works. With nscd stopped the LDAP operations are done directly by client processes, many of which cannot read the config file.
A better solution would be to use nslcd: http://arthurdejong.org/nss-pam-ldapd/ or OpenLDAP's NSS overlay (currently in contrib, so not built by default).
Andrew