[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How does it handle 10k users and 3k desktops.

Gustavo Rios wrote:
 Dear folks,

 i am planing using openldap to server account for my users (unix,
 email, etc). It will be authenticating by means of kerberos V (SASL)
 I wonder about performance concerns.

 My initial ideia was to use BDB, but on openbsd mailing (my OS is
 OBSD) i heard someone telling me he/she did not trust BDB and
 preferred some variant of gdbm/ndbm.

That advice is totally ridiculous. ndbm will fall over dead with only a few thousand records. gdbm is only slightly better; both will lose track of records as the database size increases. For someone using a Berkeley-derived operating system (OpenBSD) I would expect them to have more faith in BerkeleyDB. After all, SleepyCat's lead developer (Keith Bostic) was one of the 4 principals of the Berkeley CSRG that created BSD in the first place. BDB is pretty complex today, but it also does far more useful work than ndbm or gdbm.

 So my question is how reliable you judge openldap + bdb?\ I know this
 may seem a little hard to answer, but i am planning a Dell PowerEdge
 750 with SCSI RAID 1, 512 MB RAM and obsd 3.7. It will be used for
 handling about 10K users and 3k desktops for qmail, linux and samba.

re: overall reliability, in the past 3 years (since OpenLDAP 2.1 was released with back-bdb) none of our (Symas) customers using back-bdb has ever lost any data. (We have one customer with a legacy back-ldbm installation, they get corruption problems from time to time. They seem to feel that paying for support to fix the outages is more cost-effective than redeploying with back-bdb across all their installations. So it goes.)

512MB of RAM is pretty tiny. Even my laptop has 2GB (and yes, I run OpenLDAP on it all the time). Each thread will consume 4-10MB of RAM just for a stack and some memory buffers. With the default of 16 threads that can be 160MB used up right there, before you've even considered entry caching and other such uses. You would do well to test your data set on a real machine before committing to a particular spec for production use, your current plan sounds not well thought out at all.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/