[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Real alternatives to BDB?

To: openldap-software@openldap.org
Subject: Re: Real alternatives to BDB?
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Thu, 28 Feb 2008 13:19:05 +0200
Cc: Marten Lehmann <lehmann@cnm.de>
Content-disposition: inline
In-reply-to: <47C592DD.6040706@cnm.de>
References: <47C592DD.6040706@cnm.de>
User-agent: KMail/1.9.7

On Wednesday 27 February 2008 18:42:05 Marten Lehmann wrote:
> Hello,
>
> we are currently running openldap 2.2.13 with a bdb-4.2.52 backend as it
> comes with RHEL4. We have about 50.000 cn's

How many cn's you have is irrelevant,  so I assume you mean entries.

> each having about 5-10 
> attributes with a length of no longer than 100 characters. So our
> dataset is not very big.

However, it is most definitely bigger that what you can run on the default BDB 
cache (256kB). You didn't provide any details of BDB tuning (the contents of 
your DB_CONFIG file, for example), so I assume you have none, in which case 
you can expect problems.

> We have a lot of concurrent reads since or ldap provides the data for
> incoming and pop3/imap servers. But we have only about 100 changes/adds
> a day, not more.

We briefly ran 2.2.13 (before I joined, and for a short time thereafter), and 
there weren't huge problems, on a database with (at that time) ~ 800 000 
entries, each server doing > 100 operations/sec, with about 2 writes/sec.

We currently run 2.3.40 (plus one patch ...) with 1.5 million entries, each 
slave doing > 200 operations/sec, with about 4 writes/sec.

In neither case have we had significant problems. But, we always had an 
appropriately tuned DB_CONFIG 

> Yesterday we had the second bdb problem in our 1 year ldap setup. The
> problem is, that we cannot really detect the crash, since ldap queries
> just hang, but neither they timeout nor openldap is crashing. We just
> notice the mailserver issues and have to track it down to openldap and
> bdb.

So, on a 50,000 user mail system, you don't monitor all the components of the 
mail system?

> As with last time, we had to shutdown openldap and recover bdb.

The 2nd may be as a result of the first, which could be as a result of your 
lack of tuning, or a bug.

> Fortunately we have been able to recover the data-directory both times
> using dv_recover.

Red Hat should have included automatic database recovery in their init script, 
as other a number of other distributions did for 2.1 and 2.2. Then you would 
probably not have noticed much ...

> But in fact, we want to have a backend, that doesn't 
> crash twice a year.

Are you sure it was the backend? Or, was the fact that you needed to recover 
the result of shutting down slapd uncleanly?

> And as our setup is growing and we want to start 
> with replication, we want a backend to whom we can trust.
>
> I read through the backend documentation of openldap and berkeley db is
> praised as very fast and efficient. Amazing, that berkeleydb is not
> called stable anywhere in the documentation. And from my experience, bdb
> is not stable. Whenever you here about bdb, you here about it because a
> database went corrupt. bdb is just a key/value database that seems to
> work fine as long it is read-only. Different projects, e.g. subversion,
> have turned away from bdb and use a different backend.

You are assuming that the reason they stopped using BDB was problems in BDB 
itself, whereas it could have been in the way the software used the 
library ...

>
> Often they use SQLite. Since SQLite handles complete table layouts, it
> would also be possible to create one table with two columns (key and
> value as in bdb). SQLite shall also be transactional.

BDB is transactional. OpenLDAP has no need of SQL support etc. AFAIK, the 
biggest driver for people to use SQLite is related to licensing issues.

> But why is openldap sticking on bdb? Does bdb have any other important
> features the SQLite doesn't have? Benchmark issues? Replication?

OpenLDAP doesn't use BDB replication features.

> I have to admit, that I'm not using the latest releases of bdb. But I'm
> using and watching bdb for years and I hardly believe, that it has
> become stable in the latest release.

I really don't think it is beneficial for you to criticise the software ... if 
you want solutions to your problems, provide more detail on your 
configuration, and maybe you will have a quicker resolution ...

You may want to upgrade. This may not fix all your issues (as upgrading 
doesn't magically tune your configuration for you), however:
-There have been lots of fixes since 2.2.13
-Features have been added that would mitigate your problems, even if you 
didn't do tuning (such as slapd doing automatic database recovery when 
necessary)
-Warning messages when no DB_CONFIG file is found
etc.

Upgrading may not be very much work ... you may want to look at:

http://staff.telkomsa.net/packages/rhel4/openldap/
http://staff.telkomsa.net/packages/ (for a .repo file for yum, if you use yum)

However, I am curious as to why this question ("Why does OpenLDAP on RHEL4 
suck") gets asked so often. How did you come to the conclusion that BDB 
should be dropped in favour of some other database library? What searches did 
you do to find solutions to your problem? Maybe we can improve the content on 
the FAQ-o-matic to ensure people don't end up in your situation, or at least 
find real solutions sooner.

Regards,
Buchan

References:
- Real alternatives to BDB?
  - From: Marten Lehmann <lehmann@cnm.de>

Prev by Date: Re: Real alternatives to BDB?
Next by Date: Access Control issues
Index(es):
- Chronological
- Thread