NSS Offline Caching
The setup for offline caching of network services is extremely simple. Before we begin there are 3 things you must have installed:
- nss_db
- nss_updatedb
- Optionally, a cron daemon to update the cache, such as fcron, Vixie-Cron, or anacron
First we need to configure our nsswitch.conf to look at the cached entries as well as the local ldap + files. The following is an example configuration that is suitable in most environments:
cat > /etc/nsswitch.conf << "EOF"
# Begin /etc/nsswitch.conf

passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
shadow: files ldap [NOTFOUND=return] db

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF
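A check for the lookup order configured above, as an added example that is not part of the original page: with "ldap [NOTFOUND=return] db", glibc falls through to the db cache only when the LDAP lookup fails with an error (for example, the server is unreachable), so an account removed from LDAP is not resolved from a stale cache while the server is up. The function names and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that "db" is only a
# fallback behind "ldap [NOTFOUND=return]" in an nsswitch.conf file.

# check_db FILE DATABASE
# Succeeds only if DATABASE's line contains: ldap [NOTFOUND=return] db
# (the exact form used on this page; other spellings are reported as FAIL).
check_db() {
    awk -v want="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == want {
            found = 1; ok = 0; ldap = 0; db = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "ldap" && !ldap) ldap = i
                if (t == "db" && !db) db = i
            }
            # db must come directly after the action that follows ldap
            act = tolower($(ldap + 1))
            if (ldap && db == ldap + 2 && act == "[notfound=return]") ok = 1
        }
        END { exit !(found && ok) }
    ' "$1"
}

# check_nss_cache_order [FILE]
# Checks the three databases that list "db" in this page's configuration;
# returns non-zero if any of them fails.
check_nss_cache_order() {
    conf=${1:-/etc/nsswitch.conf}
    rc=0
    for database in passwd group shadow; do
        if check_db "$conf" "$database"; then
            echo "ok:   $database"
        else
            echo "FAIL: $database (expected: ldap [NOTFOUND=return] db)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: group consults the cache before LDAP, shadow has no cache.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'passwd: files ldap [NOTFOUND=return] db' \
    'group:  files db ldap' \
    'shadow: files ldap' > "$sample"
check_nss_cache_order "$sample" || echo "nsswitch.conf needs fixing"
rm -f "$sample"
```

Call check_nss_cache_order with no argument to check /etc/nsswitch.conf on the running system.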
You have 2 options for updating your offline cache. You can either manually execute the command or run a cron job at a preset interval to do this for you. The choice is yours. To immediately update the cache you would execute the following:
nss_updatedb ldap
An example of a cron job that will update the cache every 30 minutes and not send an email would be:
@mail(false) 30 /usr/sbin/nss_updatedb ldap
The interval of the updates and how you update is up to the needs of your environment.
One other thing to note is that if the remote service goes offline, the cache update will fail, so your cache won't be blanked out if an update is attempted while the service is unavailable.