Re: LDAP Auth?

From: Christian Bauer (christian.bauer@bluemars.de)
Date: 07/30/02


Date: Tue, 30 Jul 2002 22:31:05 +0200
From: Christian Bauer <christian.bauer@bluemars.de>
To: focus-linux@securityfocus.com

On 29 Jul (14:07), Ken Gourlay wrote:

> LDAP is nice, but depending on how many users you have, it may not be
> efficient enough to do what you need done. I'm happy to talk to you
> about more specific things, but I guess my immediate recommendation is
> to strongly consider why you want to use LDAP as a standard before
> jumping into it.

You're using OpenLDAP? I've come across some performance tests and
statements from different people (sorry, I don't have any links), that
led to the conclusion that OpenLDAP is really a poor performer.
Improvements up to 1000 times the OpenLDAP speed were measured.

I can't prove or comment on this, because I'm using OpenLDAP only for a
base of about 30 users. But I've also tried the MySQL backend to
OpenLDAP (pretty crude hack, had to fix some things before it worked)
and as far as I can see, OpenLDAP will never fly with this backend.

Try a different directory server. Or switch to pam_pgsql, as I will do
in the next couple of weeks. In your case, pam_mysql will be better of
course. Why use the directory server at all, if your backend is a
relational database?

-- 
BLUE MARS - Gesellschaft für digitale Kommunikation mbH                         
                                                                                
Christian Bauer               mailto:christian.bauer@bluemars.de 
Technology Department         http://www.bluemars.de 
Ebersheimstrasse 5            Tel: +49 (0)69 469973-00 
60320 Frankfurt/M.            Fax: +49 (0)69 469973-99


