NSS Offline Caching

From CBLFS
Jump to navigationJump to search

The setup for offline caching of network services is extremely simple. Before we begin there are 3 things you must have installed:

  1. nss_db
  2. nss_updatedb
  3. Optionally a cron daemon to update the cache, Such as fcron, Vixie-Cron, or anacron

First we need to configure our nsswitch.conf to look at the cached entries as well as the local ldap + files. The following is an example configuration that is suitable in most environments:

cat > /etc/nsswitch.conf << "EOF"
# Begin /etc/nsswitch.conf

passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap [NOTFOUND=return] db

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF

You have 2 options for updating your offline cache. You can either manually execute the command or run a cron job at a preset interval to do this for you. The choice is yours. To immediately update the cache you would execute the following:

nss_updatedb ldap

An example of a cron job that will will update the cache every 30 minutes and not send an email would be:

@mail(false) 30 /usr/sbin/nss_updatedb ldap

The interval of the updates and how you update is up to the needs of your environment.

One other thing to note is that if the remote service goes offline, the cache will fail to update, so your cache wont blank out if it tries to update while the service is unavailable.