[email protected]
[Top] [All Lists]

Re: Winbind - functionality

Subject: Re: Winbind - functionality
From: Ondrej Valousek
Date: Wed, 22 Jul 2009 11:05:45 +0200

If the problem was so easy that a simple nss_ldap invocation handled it
properly, we would not have 'wasted' so much time on winbind.  It was
developed for a very real reason.
I agree with Andrew here - nss-ldap is a piece of crap for 2 reasons:
- the whole ldap library is loaded with every NSS library call
- no caching
- called in the user context, so can not use machine credentials to access AD
- extra configuration needed

All these problems are hopefully to be solved with the upcoming nss-ldapd but it is not stable enough yet. So I vote for winbind, too. The only problem with winbind is (as I already mentioned) limited system databases support (to passwd and group)...

<Prev in Thread] Current Thread [Next in Thread>