Re: LDAP Auth?
From: John Madden (firstname.lastname@example.org)
From: John Madden <email@example.com>
To: firstname.lastname@example.org
Date: Mon, 5 Aug 2002 00:12:56 -0500

> You're using OpenLDAP? I've come across some performance tests and
> statements from different people (sorry, I don't have any links), that
> led to the conclusion that OpenLDAP is really a poor performer.
> Improvements up to 1000x times the OpenLDAP speed were measured.
> I can't prove or comment on this, because I'm using OpenLDAP only for a
> base of about 30 users. But I've also tried the MySQL backend to
> OpenLDAP (pretty crude hack, had to fix some things before it worked)
> and as far as I can see, OpenLDAP will never fly with this backend.

I can - supporting 2500 Linux users from OpenLDAP running on a separate
Solaris box, the directory would get completely trashed from time to time
(like, say, when someone sends a company-wide email). Running nscd and
indexing every attribute ever retrieved has helped performance immensely,
but slapd still sits at a constant utilization of at least 5%.

I suggest you try running OpenLDAP itself on different platforms (Linux may
perform better than Solaris, for example) and with different combinations
of indexing and caching. If you can find a way of providing a quicker
lookup locally (by, say, caching a copy of /etc/passwd, built from LDAP
every 15 minutes or so), you can take a lot of load off of the directory.

Running with a SQL backend, albeit something of a hack, ought to help
improve performance quite a bit: it would allow you to cluster and load
balance (think LVS) the directory servers -- that is, provided the backend
doesn't become a bottleneck.

OpenLDAP's multimaster setup would also appear to allow for easier
clustering. It's still marked as experimental though, and as I recently
found out on openldap-software, for good reason.

--
# John Madden email@example.com ICQ: 2EB9EA
# FreeLists, Free mailing lists for all: http://www.freelists.org
# UNIX Systems Engineer, Ivy Tech State College: http://www.ivytech.edu
# Linux, Apache, Perl and C: All the best things in life are free!
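
The local-cache idea in the message above (a passwd-format file rebuilt from LDAP every 15 minutes or so), sketched as an added example that is not part of the original post. Once directory data feeds a local account file it has to be validated, so the sketch rejects entries that would inject extra fields or claim a system UID, and it keeps the previous cache when the directory returns nothing. The function names, the `min_uid` floor of 1000, the cache path and the sample LDIF are assumptions constructed for illustration.

```python
import os
import re
import tempfile
# Constructed sample of `ldapsearch -LLL` output for posixAccount entries.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 100
gecos: Alice Example
homeDirectory: /home/alice

dn: uid=mallory,ou=People,dc=example,dc=org
uid: mallory
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
uidNumber: 1002
gidNumber: 100
gecos: Bob:x:0:0
homeDirectory: /home/bob
"""

def ldif_to_passwd(ldif, min_uid=1000):  # assumption: lower IDs are local system accounts
    """Return (passwd_lines, rejected_dns); folded/base64 LDIF values are not handled."""
    lines, rejected = [], []
    for block in ldif.strip().split("\n\n"):
        e = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        f = [e.get("uid", ""), "x", e.get("uidNumber", ""), e.get("gidNumber", ""),
             e.get("gecos", ""), e.get("homeDirectory", ""), e.get("loginShell", "/bin/sh")]
        ok = (re.fullmatch(r"[a-z_][a-z0-9_-]*", f[0])
              and re.fullmatch(r"[0-9]+", f[2]) and re.fullmatch(r"[0-9]+", f[3])
              and int(f[2]) >= min_uid and f[5].startswith("/")
              and not any(":" in v or "\n" in v for v in f))
        (lines if ok else rejected).append(":".join(f) if ok else e.get("dn", "?"))
    return lines, rejected

def write_cache(path, lines):
    """Atomically replace the cache file; keep the old copy if nothing valid came back."""
    if not lines:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; lookups need the cache world-readable
    os.replace(tmp, path)
    return True
```

Run from cron on each client, the rejected DNs are worth logging: a directory entry with a UID below the floor or a colon in a field is either a data-entry mistake or an attempt to smuggle an account into the local file.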