Subject: Re: LDAP NSS for NetBSD
To: Love <lha@stacken.kth.se>
From: James Chacon <jmc@NetBSD.org>
List: tech-userlevel
Date: 02/22/2005 09:23:56
On Tue, Feb 22, 2005 at 08:55:41AM +0100, Love wrote:
> 
> Luke Mewburn <lukem@NetBSD.org> writes:
> 
> > On Sun, Feb 20, 2005 at 10:29:09PM +1100, Timshel Knoll-Miller wrote:
> >   | Hi,
> >   | 
> >   | I'm not entirely sure that this is the right list - I'm fairly new to 
> >   | NetBSD...
> >   | 
> >   | I'm thinking about writing a BSD licensed LDAP nss backend for NetBSD 
> >   | -current's modular nsswitch.
> >
> > Sounds good; ldap is one of the services I'd like to see a clean
> > module for.
> 
> I think something like nscd/winbind/lookupd is needed here. The overhead of
> TLS connections is too much for the LDAP server, it's hard to do TLS
> connection reuse, there's nowhere to save the session data.
> 
> Sorry for introducing requirements, but experience at work showed using a
> couple 100's clients with no tls caching made the ldap servers real
> unhappy.

What kind of ldap servers? We use ldap+tls here w. > 100 clients and a
couple of those are extremely busy (think imap logins for 30,000+ users).
The LDAP servers keep up fine with that.

James