On Fri, 2008-08-01 at 17:33 -0700, nate wrote:
> I personally don't like LDAP (after having used it for many years now).
> I do use it at home, though only two of the 6 systems I have are
> actually using it (I also use it for mail routing but that is a
> legacy thing I set up 7 years ago that I haven't gotten around to
> migrating off of). I'm in the slow process of migrating my company's
> systems off of LDAP, they are using it for authentication and it's
> horribly unreliable and I hate that single point of failure and
> the complexity of setting it up and maintaining it. They have a
> cron script that restarts the LDAP services every 15 minutes and
> they restart nscd on all of the servers every hour. And still even
> I get complaints on occasion about not being able to log in and I
> have to go restart nscd again or at least invalidate the nscd
> passwd cache (nscd -i passwd).
----
LDAP is as stable as anything I've ever used but I have to admit that I don't use nscd anywhere because I would suspect that is what is killing you. I stopped using nscd when I went to LDAP for that reason.

It's not uncommon for my primary LDAP servers to have uptimes of over 9 months and never restarting, though Red Hat made a curious choice of using sleepy-cat 4.3 on RHEL 5 which is totally not recommended by OpenLDAP developers.

http://www.openldap.org/faq/data/cache/44.html

I suppose if you wanted to have a stable LDAP, you would investigate with the developers of OpenLDAP.

Craig