[CentOS] LDAPs causing System Message Bus to hang when there's no network

Wed May 4 11:07:55 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Tue, 3 May 2011, aurfalien at gmail.com wrote:

> So what's the answer today for ~10K users?
>
> The bug fixes suggested here work around the problems I have been
> encountering.

Well that's good then.

> Can anyone comment on what ppl are using for larger deployments?  I
> hope it's not a resounding M$ AD?!

I use a lightly patched nss_ldap and it's far from terrible.  I'm forced to
either use nss_getgrent_skipmembers or limit the number of groups it can see
by localising it to a specific OU, as the performance becomes unworkable
otherwise.  I've additionally patched it to improve performance against our
tree by optimising some of the queries using site-specific details.

nss_getgrent_skipmembers is not without downsides, but if it's tolerable in
your situation it'll get you the best performance.

In my case, the server end is indeed AD.

It's been considerably faster and more stable than using winbind.

jh