On Fri, 7 Oct 2011, Stephen Harris wrote: > You're missing the point. If the query was sufficiently fast then you > don't _need_ to worry about caching, and thus cache coherency, speed of > propagation of changes, inconsistent results between machines etc etc. > > Caching is a _kludge_ to hide an underlying problem. It adds complexity > and additional failure modes. In one sense yes, but I don't necessarily see any sense in an 'ls -l' in a lively directory causing *that* many hits to the information provider every time when user information changes rarely. > LDAP is slow. nscd, sssd, ldapcachemgr et al are all klduges to work > around that fact. It all depends on your definition of slow. $ time ldapsearch 'cn=someuser' >& /dev/null real 0m0.016s That's not so bad for a LDAP server with ~100k users is it? jh