> On Fri, Apr 28, 2006 at 10:51:38AM -0400, Jesse W. Hathaway wrote: > > > I do understand why this feature is needed. However, the additional > > feature of having the ability to disable this function is also needed. > > It is quite common to not have any of the users, used for system > > daemons, to be included in groups found in network directories. It seems > > needless to query network directories for system daemons such as apache. > > Yes, in some cases such a feature would be useful, but that feature > currently does not exist. > > > Enumeration is a lookup process, so I still think the man page is > > unclear, as to what effect the action statement will have in the group > > database option. > > The documentation might be improved, but the documentation of SUCCESS > talks about the "wanted entry" and the documentation of NOTFOUND talks > about "the needed value", both terms having no meaning for enumeration. > Well, you can interpret those terms as "all possible entries"; either > way you get that SUCCESS and NOTFOUND action rules have no effect on > enumeration. > > > Given that one of the main features of LDAP and NIS are consistent > > groups across all machines, I think it would be beneficial to support > > querying network directories selectively. > > I think the reason this was not solved much easier is that it is not a > problem for NIS/NIS+. They need much less resources than LDAP. > Enumerating over a couple thousand users using NIS+ was not a problem > when I last did it; doing the same with LDAP produces quite a > significant load.
This might be the case, that NIS handles the queries faster, however with either directory server, the loss of network connectivity should not impact the system daemons. A laptop is a good example of a system where this situation occurs on a regular basis. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]