[CentOS] Odd issue with C6 and NIS

Fri Oct 7 07:24:09 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Fri, 7 Oct 2011, Craig White wrote:

> I would agree with NSCD adding additional mode failures. I try not to
> use it. I know nothing at all about other cache technologies for LDAP.

We'd found the tradeoffs with using nscd with a large centralised
institutional AD directory to be definitely worthwhile.  The caching it does
is dumb, and it's traditionally been prone to failure (although current
versions are far less bad), but it did throw back in necessary speed to the

> SSD really isn't about user/group caching and I'm not sure how that
> worked its way in here. http://fedoraproject.org/wiki/Features/SSSD In
> reality, you're going to have to use something like libnss or sssd for
> any alternative authentication system.

SSSD keeps a local LDB cache of retreived information, so does indeed maintain
a cache and it sensibly updates that cache while not holding up requests for
the cached data in a configurable manner.  It also caches the nested structure
well, by keeping partial caches of accrued data.  So I don't really understand
why you don't think it's about caching, when that's one of the things it does.