id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc,fix_version,see_also 486,Write a caching NSS module,broder,,"We are going to need a local cacher to make LDAP-based NSS efficient enough to be a viable alternative to Hesiod. But because nscd always comes before nss-nonlocal in the NSS pipeline, we can't make the `NSS_NONLOCAL_IGNORE` variable work correctly (nss-nonlocal gets evaluated in nscd's context, which won't have the environment variable set), and we need NSS_NONLOCAL_IGNORE to work for Debathena - otherwise things like adduser and deluser will get very confused. As best as I can tell, we can't make nscd disable-able in a way that works for us across the board. Not to mention that nscd seems to be a crappy piece of software in general. I think our best solution is to write an ""nss-cache"" module that has similar configuration semantics to nss-nonlocal. i.e. we could say something like {{{ passwd: compat nonlocal passwd_nonlocal: cache passwd_cache: ldap }}} which specifies exactly the chaining and ordering that we want. This would make NSS_NONLOCAL_IGNORE work without impacting our ability to cache results.",task,new,normal,The Distant Future,--,,,,,