LDAP Cached Authentication
Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.
I tried a few PAM modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.
That didn't work, but I also read that nss-updatedb is not such a good idea, as it downloads the necessary authentication information for all users and not just for those with recent successful authentication, thus generating a big amount of network traffic.
Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.
PS: Using openSUSE, but I believe it doesn't really make much difference in this case.