[ldap] SambaXP talk
For anyone curious, the slides from my presentation at the SambaXP conference last week are now up on my web site. http://highlandsun.com/hyc/SambaXP.pdf Much of the material on malloc benchmarking was already presented at SCALE5x earlier this year. New material in these slides include benchmark results for OpenLDAP 2.3.34 vs FedoraDS 1.0.4, OpenDS 0.1-34, and ApacheDS 1.0.1 on Linux 2.6. The machine used for these tests is the same SunFire X4100 used in these tests last year http://www.symas.com/benchmark-auth.shtml We didn't test Microsoft ActiveDirectory because we don't have a 64 bit build of it available, nor do we have a 64 bit Windows system available. I suppose we can run those tests and publish those results sometime down the road. If anybody is interested in helping to run more tests along these lines, feel free to contact me. This round of benchmarking was quite educational. We discovered a memory leak in FedoraDS (and reported that to their maintainers, of course). Analyzing the results also shows that while FDS' entry cache is reasonably effective, they have a performance bottleneck in their frontend, most likely in connection management. I didn't profile it to get a closer look, though I'm sure a profiler would make the culprit obvious. Also FDS is too memory hungry, which causes their server to run out of memory much sooner than OpenLDAP (running on the identical machine, with identical cache memory settings, indices, workload, etc...) so their performance drops off quite sharply as database sizes increase and memory becomes constrained. (This is something different from the malloc degradation I was observing in OpenLDAP before, although FDS appears to be affected by that as well.) We also observed that Sun/Fedora's documentation and advice on performance tuning for their servers is wrong, and we can obtain better performance by ignoring their recommendations. Even though Sun, Fedora, and OpenLDAP all use BerkeleyDB, it's obvious that they don't use it as effectively as we do. Given the extremely young age of the OpenDS code base I'd say they've done a really good job thus far, even managing to beat FDS in one test. But I'd also say they've gotten as good as they can possibly get with a pure Java solution; indeed their future plans for entry caching require support outside the JVM (e.g. using a tmpfs cache). Since they're still at best 3x slower than OpenLDAP, it's unlikely they will ever achieve their stated goal of delivering high performance with a Java code base. OpenLDAP has taken a lot of flack over the years for being slow or old technology. Most of that was well-deserved up to about mid-2000, but it hasn't been true since. OpenLDAP is the fastest, most scalable, most reliable directory software in the world. That's not marketing hype; we can prove every point. AMD and Intel make a big deal about piddly 20% differences between their products. We are over 300% faster than the next closest offering. Other projects and vendors talk about how superior they are (or hope to be) but it's pretty clear that they're not in the ballpark. They're not even in the same league. I don't wish ill to any of these folks, but personally I'm sick and tired of the unfounded claims. A lot of people are spinning directory stories these days. With OpenLDAP there's no need for spin, we're the best, and that's the truth. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
[ldap] AD/ADAM Performance testing
Updated results from our authentication benchmarks of Microsoft Active Directory are now available online: http://connexitor.com/blog/pivot/entry.php?id=185 At best AD is 4 times slower than OpenLDAP. At worst ... there really wasn't enough time to explore the full extent of that end of the scale. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
[ldap] Re: Active Directory as a general purpose directory service
to create an ADAM directory with exactly 512 entries. (I didn't bother trying this with AD, all of the pre-loaded entries makes it too hard to count.) Thanks, BrettSh [msft] ESE Developer -Original Message- From: Howard Chu [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 27, 2008 9:28 PM To: LDAP list Subject: [ldap] Re: Active Directory as a general purpose directory service From: Gavin Henry[EMAIL PROTECTED] Date: Wed, 27 Feb 2008 21:13:39 + [EMAIL PROTECTED] wrote: I have seen several companies using AD (usually AD/AM, but sometimes AD as a separate domain) as an enterprise directory service. And here http://www.openldap.org/lists/openldap-devel/200711/msg2.html which describes one of the fundamental design flaws in AD's database. Microsoft Bloatware - Designed by People Who Just Don't Care. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sunhttp://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
[ldap] LDAP for MySQL Cluster
I will be co-presenting a talk at the MySQL Conference on Thursday April 23 in Santa Clara, California on the back-ndb backend in OpenLDAP. Johan Andersson from Sun/MySQL will also be presenting; Symas and MySQL worked together to design the data model for this backend. http://en.oreilly.com/mysql2009/public/schedule/detail/6219 back-ndb is a new OpenLDAP slapd backend that provides direct access to MySQL's NDB Cluster engine. The NDB Cluster design allows concurrent access to relational tables from multiple access methods (including mysqld for traditional SQL access, and slapd for LDAP access) and allows capacity to scale horizontally across multiple data nodes. The OpenLDAP backend uses the native NDBAPI to achieve high speed access without any SQL translation overhead. Multiple slapd servers can operate concurrently on an NDB database, along with other mysqld servers and other agents, allowing performance to be augmented linearly simply by adding more nodes to a cluster. This will be slightly more in-depth than the back-ndb talk I presented at the UKUUG conference in March. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
[ldap] LDAPCon 2009 Call For Papers
LDAPCon 2009 will coincide with LinuxCon in Portland, Oregon this September. http://www.symas.com/ldapcon2009/call-for-papers.shtml All-things-LDAP are welcome... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
[ldap] LDAPCon2009 Program Published
The 2nd International Conference on LDAP (LDAPCon2009) is being held this September 20-21 in conjunction with LinuxCon in Portland, Oregon. (Registration for LDAPCon2009 also includes registration for LinuxCon.) The program for LDAPCon2009 is now online, and registration is open. http://www.symas.com/ldapcon2009/ -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/