From: Charles Swiger
Date: Wed, 8 Jun 2005 14:44:02 -0400
To: Ben Hockenhull
Cc: freebsd-questions@freebsd.org
Subject: Re: 5.x, LDAP and caching uid/gid data

On Jun 8, 2005, at 1:53 PM, Ben Hockenhull wrote:
> There's no user information on the local system at all, so every
> operation that requires UID/GID information had to do an LDAP lookup
> to get UID/GID data. So, for example, every piece of mail delivered
> means an LDAP lookup. Ick.

You really want to leave the standard system UIDs and GIDs in place, and use LDAP (or NIS, etc.) to augment them with the additional information about network-wide users and groups.

> Is there such a thing as nscd for FreeBSD, and if so, has anyone had
> experience using it? I found a lookupd utility that looks promising,
> but I'm leery of implementing it in production as it seems like
> fairly untested software.

lookupd has been around for close to fifteen years, and has been used with large user/group databases (50,000+ users). More to the point, the PADL stuff ought to play nicely with lookupd, since PADL came from the NEXTSTEP and now MacOS X community where lookupd originated.

I am not sure that lookupd has been used or tested or shaken down as much with FreeBSD, so the integration with PAM may not be as mature as its usage with the nss_ mechanism. However, if you really want nscd, I'd imagine that you ought to be able to hunt that down from Sun now that the source code for Solaris 10 is openly available...?

-- 
-Chuck
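
An added example, not part of the original message: a shell check that an nsswitch.conf keeps local accounts ahead of LDAP for `passwd` and `group`, which is the "leave the system UIDs/GIDs in place and augment with LDAP" layout recommended above. The function name and both sample configurations are constructed for illustration; the source names `files`, `compat` and `ldap` are the usual nsswitch.conf ones.

```sh
#!/bin/sh
# Constructed sample configs (not taken from the thread).
good_conf='# local accounts first, LDAP augments them
passwd: files ldap
group: files ldap
hosts: files dns'

bad_conf='passwd: ldap
group: ldap files   # LDAP asked before local files
hosts: files dns'

# check_nss_order CONF_TEXT  (hypothetical helper)
# Succeeds unless a passwd: or group: line consults ldap without a
# local source (files or compat) listed before it. A missing line is
# treated as the local-only system default and passes.
check_nss_order() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "passwd:" || $1 == "group:" {
            local_pos = 0; ldap_pos = 0
            for (i = 2; i <= NF; i++) {
                if (($i == "files" || $i == "compat") && !local_pos)
                    local_pos = i
                if ($i == "ldap" && !ldap_pos)
                    ldap_pos = i
            }
            # ldap present, and no local source ahead of it
            if (ldap_pos && (!local_pos || local_pos > ldap_pos)) {
                print "ldap consulted before local accounts: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Stand-alone run over the constructed samples.
check_nss_order "$good_conf" && echo "good_conf: local accounts resolve first"
check_nss_order "$bad_conf" || echo "bad_conf: reorder the lines listed above"
```

On a real host, pass the file contents instead, for example `check_nss_order "$(cat /etc/nsswitch.conf)"`.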