# nss-ldap


The `nss-ldap` module allows you to keep your user information
in an LDAP server. Within the module you can select some
options on how to connect to the LDAP server:

* `hard`, use an exponential back-off when connecting, waiting
up to 64 seconds before trying a different server.
* `soft`, when the server is not responding, give up immediately.

The problem is, both are insufficient...

With `soft` you don't get *any* benefit from your backup LDAP server.
With the `hard` policy you can failover to the second (or third) server,
but when you boot the machine (and it does not have networking) you are
stuck with the exponential back-off. This can mean that booting a server
can take a couple of hours: *every* uid lookup will take 64 seconds.

So you need something else. 

I decided to "fix" the source of libnss-ldap and add a new policy
for connecting to LDAP servers: `medium`. With this policy you 
have the `hard` policy, but *not* the exponential back-off! In other words,
it is more like `soft`, but it doesn't give up at once.
So booting should be fast and the failover mechanism should also
still work.
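
To make the trade-off concrete, here is a small model of the three policies, added as an illustration; it is not code from nss_ldap or from the patch. The back-off schedule (1 s doubling, at most 64 s of waiting per dead server), the zero-cost connect attempts, the two-server setup, the 100 lookups and the names `lookup` and `boot_stall` are all assumptions of this sketch.

```c
/* Simplified model of the bind policies; not code from nss_ldap or the patch. */
#include <stdio.h>

enum policy { SOFT, HARD, MEDIUM };
#define MAX_WAIT 64 /* assumed: seconds of back-off spent per dead server */

struct result { int server; long waited; }; /* index used (-1: none), seconds slept */

/* up[i] != 0 means server i answers. Connect attempts themselves cost 0 s here. */
struct result lookup(enum policy p, const int *up, int nservers)
{
    struct result r = { -1, 0 };
    int last = (p == SOFT) ? 1 : nservers; /* soft never reaches the backups */
    for (int i = 0; i < last && i < nservers; i++) {
        if (up[i]) { r.server = i; return r; }
        if (p != HARD)
            continue; /* soft and medium: no sleeping */
        /* hard: sleep 1, 2, 4, ... s on this server; it stays down in this model */
        for (long delay = 1, spent = 0; spent + delay <= MAX_WAIT; delay *= 2) {
            spent += delay;
            r.waited += delay;
        }
    }
    return r;
}

/* Total seconds a boot spends sleeping if it performs `lookups` uid lookups. */
long boot_stall(enum policy p, const int *up, int nservers, int lookups)
{
    return lookups * lookup(p, up, nservers).waited;
}

int main(void)
{
    const char *name[] = { "soft", "hard", "medium" };
    int failover[] = { 0, 1 }; /* constructed: primary down, backup up */
    int no_net[]   = { 0, 0 }; /* constructed: booting without networking */
    for (int p = SOFT; p <= MEDIUM; p++) {
        struct result r = lookup((enum policy)p, failover, 2);
        printf("%-6s failover: server=%d waited=%lds; 100 lookups, no network: %lds\n",
               name[p], r.server, r.waited,
               boot_stall((enum policy)p, no_net, 2, 100));
    }
    return 0;
}
```

In this model only `medium` both reaches the backup server and adds no sleeping when every server is unreachable.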

For those interested, see [this patch](/downloads/2009/nss.patch.txt) for the code
changes. As soon as my bugzilla account mail is in, I will put
it in the [padl.com](http://www.padl.com) bug tracker.


