On Wed, May 18, 2005 1:45 pm, paul kölle said:
> we are in the process of setting up a new server (on gentoo) for the usual
> web/mail/db stuff with cyrus/postfix/apache/mysql/subversion/... We'd
> like to store all accounts in a backend that can be shared by more than
> one host and run in a replicated server/slave setup so that one machine
> can take over the service if the other fails.
>
> I've looked around and it seems there is a general choice of using ldap
> or mysql for this.

I assume you mean OpenLDAP...

The key difference is performance. A web application will typically do an authorization every time the user hits a page. That's a lot of lookups - a lot of hits to the database. On the other hand, updates to an authorization database are relatively rare.

OpenLDAP, as an authentication/authorization tool, is tuned for extremely fast lookups. The whole way the database is indexed and stored on disk is to provide lightning fast lookups. However, it's quite slow for updates.

Mysql is a general purpose database. It is tuned quite well for both lookups and updates. It is much faster than OpenLDAP for updates, but can't even come close for lookups.

That being said, with today's hardware, unless you are expecting a lot of traffic, either one will do. Unless under load, mysql will respond in milliseconds. However, if load is a concern, OpenLDAP might save you on hardware costs (don't have to buy as many servers), and it will not add any latency to your web transactions. But mysql is probably easier to manage, especially if you already know SQL.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com
