Gustavo Rios wrote:
Dear folks,
i am planing using openldap to server account for my users (unix,
email, etc). It will be authenticating by means of kerberos V (SASL)
I wonder about performance concerns.
My initial ideia was to use BDB, but on openbsd mailing (my OS is
OBSD) i heard someone telling me he/she did not trust BDB and
preferred some variant of gdbm/ndbm.
That advice is totally ridiculous. ndbm will fall over dead with only a
few thousand records. gdbm is only slightly better; both will lose track
of records as the database size increases. For someone using a
Berkeley-derived operating system (OpenBSD) I would expect them to have
more faith in BerkeleyDB. After all, SleepyCat's lead developer (Keith
Bostic) was one of the 4 principals of the Berkeley CSRG that created
BSD in the first place. BDB is pretty complex today, but it also does
far more useful work than ndbm or gdbm.
So my question is how reliable you judge openldap + bdb?\ I know this
may seem a little hard to answer, but i am planning a Dell PowerEdge
750 with SCSI RAID 1, 512 MB RAM and obsd 3.7. It will be used for
handling about 10K users and 3k desktops for qmail, linux and samba.
re: overall reliability, in the past 3 years (since OpenLDAP 2.1 was
released with back-bdb) none of our (Symas) customers using back-bdb has
ever lost any data. (We have one customer with a legacy back-ldbm
installation, they get corruption problems from time to time. They seem
to feel that paying for support to fix the outages is more
cost-effective than redeploying with back-bdb across all their
installations. So it goes.)
512MB of RAM is pretty tiny. Even my laptop has 2GB (and yes, I run
OpenLDAP on it all the time). Each thread will consume 4-10MB of RAM
just for a stack and some memory buffers. With the default of 16 threads
that can be 160MB used up right there, before you've even considered
entry caching and other such uses. You would do well to test your data
set on a real machine before committing to a particular spec for
production use, your current plan sounds not well thought out at all.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
