
Re: OpenLDAP with 35000 users



I'm using ldap in conjunction with kerberos and samba to serve up 4000 
accounts to windows and linux clients (about 250 computers in all).  I can 
say at this point that no, openldap will not scale up to 35000+ users.  
I'm sure postfix would work okay, but openldap is a weak link.

I've found that the database is quite easily corrupted, as there's no 
write-locking (at least that I can tell) on the database, so if you use 
pam_ldap to change passwords, there is a possibility for corruption.  I 
use special scripts that feed into a serializing PostgreSQL table to make 
sure that writes are only done by one process.  I'm sure this can be 
remedied, but I haven't looked much into it.  (You could use SQL as a 
backend for ldap, but there are some downsides to this.)  I stop my 
openldap server (I only have one at the moment) and dump out the database 
in text ldif form every night for backup purposes.  (CVS can work with 
this, but 35000 entries would be a challenge -- a binary backup of 
/var/ldap would be in order.)

I've also been having significant problems with openldap (I'm using 2.0.16 
or 17) leaking file handles until it can't operate anymore.  I solve this 
by restarting ldap several times a day.  Definitely not what you'd want in 
your environment.  I've not followed this list too closely; maybe it's 
been addressed and fixed by now.  (The same problem existed in 1.2.x some 
time ago, I learned from google.com.)

I've not got ldap replication set up but I've heard it's problematic.  
You'd definitely need several servers for load-balancing (slapd can get 
quite demanding) and reliability.

On the positive side, it's quite adequate for our mixed environment.  It's 
no doubt at least as stable as Microsoft's active directory!  From the 
traffic on this list, it's clear that work is progressing and these 
problems will be worked out sooner or later.

That's my experience thus far.
cheers,

Michael

On Wed, 23 Jan 2002, Michel Angelo da Silva Pereira wrote:

> Hi. I'm in a project to migrate 35000 users from MSSQL to another database compatible with Linux.
> I've a lot of Linux running with Postfix+LDAP with +-1000 users, and want to know if OpenLDAP can support 35000 users, and 100000 in the next 3 months, and if anyone here is running like me, I'd like to see the configuration of machines.
> 
> Bye
> 

-- 
Public key available from http://students.cs.byu.edu/~torriem