[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Large Open LDAP Installations?

I'd like to add that "you should know what you're doing (TM)".

In addition to proper indexing, ACL setups and tuning the applications
to make reasonable LDAP queries, we found proper OS & slapd understanding
and setup to be important. In particular you should know about
possible issues and implications with threading, caching and syncing of
the particular kernel/distribution/OpenLDAP combination you're using.

With a proper setup, scalability is not an issue (any reasonably fast
pair of PCs should do). Unless you need WRITE scalability.

Reliability is an issue. While OpenLDAP runs pretty stable, it is not
bug-free (just btw: neither is iplanet).
You should know what to do if something goes wrong (slapd crash,
hardware crash, replication hangs). In particular, you should know
how your application(s) behave(s) once LDAP is down (be aware that
there's a range of possible errors, from sluggish reponse on some
queries to dead hardware and from client-side (e.g. timeouts,
DNS issues) to network (routing issues) and server-side problems.

Other than that ( :-) ), it's great. We're running a 500,000+ entries
directory for a multitude of applications on a distributed, Linux-based system.


Erik Barker wrote:
> We're running a mail system with 32,000+ user accounts using openldap
> with TLS replication and it works great!
> We have created our own schema using our registered OID for this
> purpose. One of the main things to consider when setting up a system
> like this is overall planning of attributes etc. A proper setup of
> indexed attributes, cache and other performance parameters must be a
> high priority in this case. We're using Linux as our OS of choice on
> dual 800Mhz PIII systems. Our slapd processes rarely go above 3% cpu
> usage :)
> Erik
> On Fri, 2002-02-01 at 04:44, Jeppe, Nils wrote:
> >
> > Hello,
> >
> > I am wondering how big OpenLDAP directories people are running, how well &
> > reliable it scales. I went back in the mailing list a couple of months and I
> > found very conflicting stories, so I'd appreciate a bigger data sample.
> >
> > Background: I am looking into setting up an LDAP service of 100k user
> > entries or possibly larger to be used for authentication purposes.
> >
> > Does anybody run an installation of this size? On what platform? How
> > reliable is it?
> >
> > This might be a good topic for the openldap homepage, too. (if it's
> > documented somewhere, please feel free to hit me with an URL).
> >
> >
> > Best wishes,
> > Nils
> >
> >