Our organization is currently putting together an LDAP server for the
purpose of (hopefully!) becoming a centralized authentication method as
well as the normal contact directory, etc.
So far the OpenLDAP server (2.0.27) is performing quite well, but just to
round things out, I was wondering if anyone could provide me with some
examples of what they've done in similar situations.
Our directory will only be medium sized, ~50,000 entries. In the end,
it'll likely be running on Linux on an IBM ~X335 or a Sun LX50, but for
the moment it'll be sitting on an Enterprise 250 w/Sol7. Our current
directory is on that machine (thus why we're staying with 2.0.27... for
the moment...) and is only very lightly used.
I've written some basic programs to pound on the test directory, and it
has performed admirably, but I'm sure most other admins can sympathize
that no artificial loading or benchmarking tool can accurately simulate
the slavering huns that comprise any user base.
Has anyone else deployed OpenLDAP as an authentication + contact directory
in a similar, or larger, situation, and might have some gotchas to warn us
about? One thing I've noticed is that 2.0.27 "spins out" and has to be
killed and restarted when it runs out of file descriptors, so we're going
with the idea of one master server that no one will query, and one public
slave server for every 1000 queries/s we expect. (I think we'll be well
under that number at the beginning).
We're operating on the idea of getting it working, THEN upgrading to 2.1.x
when things are stable again. Are there strong reasons to do it the other
way around?
Any experiences or pointers would be very much appreciated.