On Fri, 7 Oct 2011, Craig White wrote: > I would agree with NSCD adding additional mode failures. I try not to > use it. I know nothing at all about other cache technologies for LDAP. We'd found the tradeoffs with using nscd with a large centralised institutional AD directory to be definitely worthwhile. The caching it does is dumb, and it's traditionally been prone to failure (although current versions are far less bad), but it did throw back in necessary speed to the mix. > SSD really isn't about user/group caching and I'm not sure how that > worked its way in here. http://fedoraproject.org/wiki/Features/SSSD In > reality, you're going to have to use something like libnss or sssd for > any alternative authentication system. SSSD keeps a local LDB cache of retreived information, so does indeed maintain a cache and it sensibly updates that cache while not holding up requests for the cached data in a configurable manner. It also caches the nested structure well, by keeping partial caches of accrued data. So I don't really understand why you don't think it's about caching, when that's one of the things it does. jh