We are running a Redhat linux based OpenLdap (Berkeley db) server for storing digital certificates for our PKI. It also stores the PKI's CRL (certificate revocation list) in an attribute. The problem is that the CRL is growing several kilobytes bigger every month . Currently it's about 2 Megabytes. Last week we had a network problem which caused clients to request the CRL from the OpenLdap server (it functions as a backup mechanisme, first clients try to receive the CRL from a webserver, if that fails they try LDAP). The LDAP server couldn't handle this load and dropped LDAP requests. Obviously I need to investigate the specifics behind the problem, like memory, bandwith etc in more detail, but I was wondering if anyone has any experience with serving up files of this size from OpenLdap and if he/she could advise if it should be done or not.
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.