[Pkg-openldap-devel] Bug#340601: nss-ldap and hosts resolution workaround

[Arthur de Jong]

On Mon, 2007-11-05 at 12:01 -0500, Steve Langasek wrote:
> > Have you tried replacing libnss-ldap with libnss-ldapd (only
> > available in testing/unstable) ?
>
> The bug submitter is the maintainer and author of nss-ldapd, so I
> suspect he may have done so ;)
>
> But you didn't send your message to the bug submitter.  Forwarding
> now.

Thanks. I will plug nss-ldapd a little more now ;-)

Yes I'm using nss-ldapd now and it solves this particular problem pretty
well. It also solves some other problems because of a much simpler
architecture.

The ldapsearch command would now do something like:

  ldapsearch
  |- NSS host lookup for LDAP server
  |  \- send request to nslcd ->  nslcd
  |                               \- does LDAP lookup for hostname
  \- does LDAP search  

So only one instance of OpenLDAP is active in each application which
simplifies things greatly. Due to the architecture change and some
refactoring I was also able to reduce the amount of code by 50%.

The downside is that nss-ldapd is not yet as stable as nss_ldap. A
memory leak has been reported (#447997) that seems to not have been
fully dealt with at this time and nss-ldapd has obviously not had as
much in-the-field testing as nss_ldap.

Back to the bugreport. I'm not really sure if bug #340601 is really a
bug in OpenLDAP. I think there is some locking done in OpenLDAP that is
not strictly necessary on glibc but this is based on an examination of
the source code I did a year ago so take it with a grain of salt.

-- 
-- arthur - adejong at debian.org - http://people.debian.org/~adejong --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20071106/e6032a25/attachment.pgp