
Re: Deployment testimonials?



Brandon,

We have a similar setup, though smaller scale: ~6,000 users. We're a
University department, so at the beginning of each semester, users
(students) all go to create/re-enable their accounts. That means during
most of the semester, most of our LDAP queries are reads. But, at the
beginning of the semester, we get a ton of writes. When we first
deployed the system, and the start of semester hit, we experienced a lot
of corrupted entries. We ended up serializing the account creation
process with a Postgres database. Then we built a cron job that flushed
pending requests, sequentially. This solved all our problems. Note that
our LDAP server also provides user-name to id mappings for our file
system also, which gets used quite heavily. So, if you anticipate any
large amount of writes during a period of heavy reads, you might be
leery. At the time we had our OpenLDAP 2.0.27 deployed on pretty meager
RedHat 7.3 boxen. I don't know how 2.1.x would have performed. I also
don't know what a hardware upgrade would have done for us.

Hope this helps,
Dave

On Fri, 2003-06-06 at 07:17, Brandon Hume - OpenLDAP list wrote:
> Our organization is currently putting together an LDAP server for the purpose
> of (hopefully!) becoming a centralized authentication method as well as the
> normal contact directory, etc.
> 
> So far the OpenLDAP server (2.0.27) is performing quite well, but just to
> round things out, I was wondering if anyone could provide me with some
> examples of what they've done in similar situations.
> 
> Our directory will only be medium sized, ~50,000 entries.  In the end, it'll
> likely be running on Linux on an IBM ~X335 or a Sun LX50, but for the moment
> it'll be sitting on an Enterprise 250 w/Sol7.  Our current directory
> is on that machine (thus why we're staying with 2.0.27... for the moment...)
> and is only very lightly used.
> 
> I've written some basic programs to pound on the test directory, and it has
> performed admirably, but I'm sure most other admins can sympathize that no
> artificial loading or benchmarking tool can accurately simulate the slavering
> huns that comprise any user base.
> 
> Has anyone else deployed OpenLDAP as an authentication + contact directory
> in a similar, or larger, situation, and might have some gotchas to warn us
> about?  One thing I've noticed is that 2.0.27 "spins out" and has to be 
> killed and restarted when it runs out of file descriptors, so we're going
> with the idea of one master server that no one will query, and one public 
> slave server for every 1000 queries/s we expect.  (I think we'll be well
> under that number at the beginning).
> 
> We're operating on the idea of getting it working, THEN upgrading to 2.1.x
> when things are stable again.  Are there strong reasons to do it the other
> way around?
> 
> Any experiences or pointers would be very much appreciated.
-- 
Dave Smith
System Programmer, BYU CS Department
GPG Fingerprint: F907 A5C6 17AE C55D CE33  9F05 A829 B63C 99AE 2919
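
The serialization described in the reply above (queue account requests in a database, then let a cron job apply them one at a time), as an added example that is not part of the original post or the poster's code. Assumptions: sqlite3 stands in for Postgres, `ldap_add` is a hypothetical callable that performs the directory write, the table and function names are invented, and the lock file guarding against overlapping cron runs is not something the post describes.

```python
import fcntl
import sqlite3

def open_queue(path=":memory:"):
    """Open the request queue (sqlite3 here; the post used Postgres)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS pending_accounts (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        uid TEXT NOT NULL UNIQUE,
        status TEXT NOT NULL DEFAULT 'pending',
        error TEXT)""")
    return db

def enqueue(db, uid):
    """Front end: record the request only; never write to LDAP from here."""
    with db:  # commits on success; duplicate requests for a uid are ignored
        db.execute(
            "INSERT OR IGNORE INTO pending_accounts (uid) VALUES (?)", (uid,))

def flush(db, ldap_add, lock_path):
    """Cron job: apply pending requests one at a time, oldest first.

    Returns the uids written, or None if a previous run still holds the lock.
    """
    with open(lock_path, "w") as lock:
        try:
            # Non-blocking exclusive lock: only one flusher writes at a time.
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return None
        rows = db.execute(
            "SELECT id, uid FROM pending_accounts "
            "WHERE status = 'pending' ORDER BY id").fetchall()
        applied = []
        for row_id, uid in rows:
            try:
                ldap_add(uid)  # hypothetical: the single directory write
                status, error = "done", None
            except Exception as exc:  # keep going; leave a record to review
                status, error = "failed", str(exc)
            with db:  # commit per request so a crash never replays old rows
                db.execute(
                    "UPDATE pending_accounts SET status = ?, error = ? "
                    "WHERE id = ?", (status, error, row_id))
            if status == "done":
                applied.append(uid)
        return applied
```

Failed requests stay in the table with their error text instead of being retried automatically, so a bad entry cannot block the rest of the queue.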