[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap performance numbers vs NS



On Thu, Aug 09, 2001 at 12:12:27PM -0400, Archive User wrote:
> Netscape claims: 
> 
> 1. Can handle over 50 million entries per server
> 2. Can import over 1 million entries per hour
> 3. Has achived a query rate of 5200 entries per hour

I hope there's a typo in there. That's less than two queries per second.

> 4. Offers performance that scales lineraly with multiple cpus
> 5. 500 million directory licenses sold worldwide (over 70% of the
>    ldap market)

Maybe licenses for 500 M objects. Maybe 70% of the commercial market (easier
to achieve since Sun swallowed Innosoft), especially if they discount things
that aren't pure LDAP like Novell NDS.

> Does anyone have any real world experiences with openldap that 
> show it can scale, performs well, stable, etc ?
> 
> We would probably be looking at 50k records tops (and thats if
> I put the kitchen sink in it) and using the latest version 2.x.

Capacity/scalability: Should you buy a full size pickup truck when you never
carry more cargo than a couple grovery bags? Some of those numbers are
impressive, but given how much smaller your directory will be, there's not
much sense in exploring how fair the tests may have been. I would hope that 
even a PHB would recognize when a vendor is using a canned pitch instead of 
listening to the customer's actual needs.

Speed: you should do your own benchmarks with real-world data, indices, and 
queries. Who knows, there may be somthing unexpected that favors one product 
over the other. Oh, and read the mailing list archives from the last couple 
weeks, especially the posts comparing back-end speeds with some back-sql 
enhancements...

Stability: I found that OpenLDAP 2.0.11 would dump core with certain 
queries. The next day I found the bug, and a solution. Day after that I 
learned it had already been fixed in CVS. I don't know how to quantify 
stability, but there's certainly value to having the source code.

If it looks like iPlanet serves your needs better, realize you can pick up a
Sun Sparc server, install Solaris 8, and use the free iPlanet Directory
Server that comes with Solaris 8 to store up to 200,000 user objects. I
don't know what the upgrade path is, though (and Sun, IMO, was nasty in its
abandonment of folks who purchased the Sun-labeled LDAP server before they
started selling iPlanet). But I recall iPlanet's pricing being insane,
something like $2.50 per user object. And the folks I talked to weren't
interested in discounts, even when we were looking at an application that
would have supported hundreds of thousands of users. If they're giving you
the same crazy numbers and you can't use the freebie on Solaris 8/Sparc,
another option might be Oracle, who will sell you a license based on how big
your server is, not how much data it stores.

All told, though, the whole license-support-upgrade bit from Sun/iPlanet is
unpleasant and unpredictable enough that I'd use BSD-ish free software like
OpenLDAP pretty much any time it seemed adequate. Maybe iDS is twice as
fast. Maybe three times as fast. But is Sun committed to giving away the
latest iDS in perpetuity? Or are they fronting users now in hopes of locking
them in now, and demanding high license fees later? With OpenLDAP you don't
have those concerns.

In a later message, you write:
# Can anyone related their experiences running openldap with greater
# then 20k or 30k entries? We are planning on using it for single sign
# on essentially.

How many queries per minute do you expect? For instance, a best case
scenario would be something like a university computer logon system, where
there's a query each time a user logs in, and the login events are
well-distributed (except for when the computer labs open in the morning,
when the system handles many logins in a short period of time). Worst-case
would be something like a primitive Web authentication system where each
image request results in an LDAP query, especially if all 30k users were
browsing at the same time. Do your authentication procedures involve writing 
to the directory? If so, how often? Etc.

-Peter