On 12/22/2014 10:38 AM, Andrew Holway wrote:
So I am looking at ways of building a distributed user database for millions of users (specifically 5 million at the moment) and I am thinking that freeIPA might be a good thing to test for this kind of use case. I would assume that at least a third of these users would want to authenticate every day; however, updates of data held in the database would probably be quite rare.

We need to have endpoints in a few regions and the Multi Master Replication would take care of the back end problem for us quite well.

Does anyone have any data on using freeIPA for this kind of thing? What would be the caveats?

LDAP will be able to handle this amount of data; however, there are several recommendations other than what you can find here:

1. User account creation and modification.
If users are enrolled automatically and are expected to operate right away after the account is created, you need to make sure you understand the latency of the LDAP replication. Think about keeping affinity to a single server for the first user session. For modifications, consider also keeping affinity to a separate server and not allowing modifications to random replicas. This approach will prevent random failures and negative user experience due to replication latency. It is not an IPA recommendation BTW but rather a general LDAP related wizardry.

2. Make sure you have enough replicas but not too many. You would need to test your environment depending on the number of data centers across the globe and how users are distributed around the world.

Seems like a big project for some kind of online community. Any chance you can share more details?

We would not be surprised if there would be issues as you ramp up the environment. To address environments like this we plan to change LDAP DB from BDB to MDB some time next year. I suspect that as you grow your environment over time you should consider upgrading to the version that would implement this change.



Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
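
The affinity advice in point 1 can be seen in a small model. This is an added example, not part of the original message and not FreeIPA code; the replica names, the tick-based lag and the `Topology`/`Router` classes are all constructed for illustration.

```python
import itertools

class Topology:
    """Constructed model: a write is visible on its origin server at once
    and on every other replica only after `lag` ticks."""
    def __init__(self, names, lag):
        self.data = {n: {} for n in names}   # replica name -> {uid: attrs}
        self.lag, self.now, self.pending = lag, 0, []

    def write(self, origin, uid, attrs):
        self.data[origin][uid] = dict(attrs)
        for name in self.data:
            if name != origin:
                self.pending.append((self.now + self.lag, name, uid, dict(attrs)))

    def tick(self, n=1):
        self.now += n
        due = [p for p in self.pending if p[0] <= self.now]
        self.pending = [p for p in self.pending if p[0] > self.now]
        for _, name, uid, attrs in due:
            self.data[name][uid] = attrs

class Router:
    """Sends all writes to one server and pins a fresh account's reads to it."""
    def __init__(self, topo, write_server, pin_ticks, affinity=True):
        self.topo, self.write_server = topo, write_server
        self.pin_ticks, self.affinity = pin_ticks, affinity
        self.pinned_until = {}                # uid -> tick when the pin expires
        self.round_robin = itertools.cycle(sorted(topo.data))

    def enroll(self, uid, attrs):
        self.topo.write(self.write_server, uid, attrs)
        self.pinned_until[uid] = self.topo.now + self.pin_ticks

    def lookup(self, uid):
        pinned = self.affinity and self.topo.now < self.pinned_until.get(uid, -1)
        name = self.write_server if pinned else next(self.round_robin)
        return name, self.topo.data[name].get(uid)

def failed_lookups(affinity, lag=5, attempts=3, wait=0):
    """Enroll one user, wait `wait` ticks, then count lookups that miss the entry."""
    topo = Topology(["dc1", "dc2", "dc3"], lag)
    router = Router(topo, "dc1", pin_ticks=lag, affinity=affinity)
    router.enroll("alice", {"cn": "Alice Example"})
    topo.tick(wait)
    return sum(router.lookup("alice")[1] is None for _ in range(attempts))

if __name__ == "__main__":
    print("no affinity:", failed_lookups(False), "with affinity:", failed_lookups(True))
```

The pin only needs to outlast the replication lag; once the entry has reached every replica, lookups can go back to any server.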
