[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple Slave LDAP Servers

--On Sunday, August 08, 2004 9:13 AM -0400 Daniel Henninger <daniel@unity.ncsu.edu> wrote:

Anyway, I've switched to CNAME based load balancing and everything seems
to be fine now.

On a side note, 9 slaves??  Wow.  Since you have been running this longer
than us (obviously), did you find soon that you needed this many?  Would
buying more powerful machines have made it so you didn't necessarily need
that many or did you need that many regardless?  Just trying to get a
feel for future sizing requirements.  =)

When Stanford was moving to OpenLDAP, we hit a number of issues around stability and performance. Initially, we couldn't get more than around 6 queries/second out of OpenLDAP when using SASL/GSSAPI. We had a requirement of 40 queries/second across a load-balance pool to handle our mail routing. We had an urgent need to get off of our old directory servers (Netscape based), so we bought what we knew would handle our requirements. A lot of the stability you find in OpenLDAP, Cyrus-SASL, and Heimdal comes from the persistent pounding Stanford did against OpenLDAP, and the work of Howard Chu from Symas, whom we hired to resolve the problems we were seeing.

Now, I get 130 queries/second against a single LDAP server, on our test systems, which are less powerful than our production systems.

So, are we now in a position where we have more capacity than necessary? Definitely. ;)


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html