Mailinglist Archive: opensuse (3354 mails)

< Previous Next >
[opensuse] Re: User authentication with LDAP, your experience?
  • From: Joachim Schrod <jschrod@xxxxxxx>
  • Date: Wed, 21 Mar 2007 11:53:34 +0100
  • Message-id: <etr2re$qq$1@xxxxxxxxxxxxx>
Adam Tauno Williams wrote:
I'm looking for hints about switching user authentication to LDAP. (We're using NIS up to now.) The LDAP server will be SLES, the clients are a variety of SUSE Linux systems, in different versions, and other Unix hosts.

I think that nscd should run on the clients, as LDAP has a rather high latency, compared to NIS, and that would provide cached access to passwd map entries. Can anybody confirm this or tell me anything about performance issues?

nscd is OK for workstations;  but busy servers are best off having their
own replicant.  In many ways, nscd sucks.

Thanks for your other comments, they're well taken. But I want to take up this topic for another round. ;-)

When I understand you correctly, you put an LDAP slave server with slurpd on each busy server? Is that overhead really needed?

I wouldn't have thought that servers do access uid->name mappings so often; most of the time their software's functionality only depends on numeric uids, doesn't it?

I thought since TCP connection setup and teardown is much more expensive than UDP (NIS) or sockets (nscd), that LDAP might have performance problems here in interactive environments, when lots of people do ls -l or so. Now you tell me that this is a problem for unattended server operation as well. That means I have to investigate our usage pattern. Hmm, maybe I should wireshark our NIS traffic and see what happens there.

Could you please share more of your experience? Does a server really use passwd and group lookups so often?

        Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod                          Email: jschrod@xxxxxxx
Roedermark, Germany

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups