[vchkpw] LDAP or MYSQL module ??

[Rodrigo Pinheiro]

Hi,

I've a domain with 30,000 accounts +/-, it's running on iplanet solutions
I need migrate that solution to free software, because iplanet is very
expensive

I'd like to know which module to use for autentication,

LDAP or MYSQL ??

SQL is more slow LDAP,

but I seen that MYSQL module is more used and more accept.

Thanks.


Rodrigo Pinheiro

Re: [vchkpw] LDAP or MYSQL module ??

[Evren Yurtesen]

I think you would to quite well with mysql, might be little bit slower but
by practicality I believe it has more positive points than LDAP.

Plus considering todays hardware is so fast and cheap. I think little bit
speed penalty is not too big problem. Well you can always buy faster cpu
and more memory or multiple cpu.

Also onsidering that buying a supreme hardware would only cost a small 
fraction of the money you pay for iplanet. Anyhow :) of course this is my
opinion. I am sure people will have different opinions

Evren

On Mon, 25 Aug 2003, Rodrigo Pinheiro wrote:

 Hi,
 
 I've a domain with 30,000 accounts +/-, it's running on iplanet solutions
 I need migrate that solution to free software, because iplanet is very
 expensive
 
 I'd like to know which module to use for autentication,
 
 LDAP or MYSQL ??
 
 SQL is more slow LDAP,
 
 but I seen that MYSQL module is more used and more accept.
 
 Thanks.
 
 
 Rodrigo Pinheiro
 
 
 

Re: [vchkpw] LDAP or MYSQL module ??

[Nick Harring]

I'm running a set of domains with about 50K users now using mysql. 
Depending on how you're going to structure the qmail+vpopmail 
environment there're a number of things you can do to overcome the 
slightly slower mysql. What I do is run a local read-only copy of the 
mysql database on each of my qmail servers, which are replicated off of 
a master read-write copy.
Delivering roughly 500K messages per day to this cluster I'm running 
three servers for qmail, vpopmail, courier-imap/pop3, squirrelmail. Two 
are dual  P3s at 1ghz, and one is a dual Athlon XP 2400+, and 
performance is more than acceptable (its a pretty darn fast cluster 
imho). The master read/write mysql database is running on a semi-ancient 
Sun E250, however there's not a lot of writing going on as I turned off 
mysql logging in vpopmail.
Hope that helps,
Nick Harring
Rodrigo Pinheiro wrote:

Hi,

I've a domain with 30,000 accounts +/-, it's running on iplanet solutions
I need migrate that solution to free software, because iplanet is very
expensive
I'd like to know which module to use for autentication,

LDAP or MYSQL ??

SQL is more slow LDAP,

but I seen that MYSQL module is more used and more accept.

Thanks.

Rodrigo Pinheiro

 

Re: [vchkpw] LDAP or MYSQL module ??

[Nick Harring]

Michael -
I'd be happy to. I've copied the list since someone else may find the
additional detail useful.

Michael Bellears wrote:

  Hi Nick,

  
  
What I do is run a local read-only copy of the 
mysql database on each of my qmail servers, which are 
replicated off of 
a master read-write copy.
Delivering roughly 500K messages per day to this cluster I'm running 
three servers for qmail, vpopmail, courier-imap/pop3, 
squirrelmail.

  
  
Sounds nice - We are about to migrate to a multi-server environment, and
was wondering if you could answer a couple of questions for me.

Are your servers sitting behind a local director or equiv.?

Are you running a common nfs share for your clients mailbox's (i.e.
/home/vpopmail/domains)?

What happens if your master mysql box fails?

Thanks in advance,
MB
  

We're using a redundant pair of Foundry ServerIron load balancers,
though I strongly discourage you from buying such devices. My
experience is that they are very unbalanced in their load balancing,
and their interfaces (web and cli) are hideous for every day usage.
Other experiences of mine say to buy a pair of cheap linux boxes and
use Linux Virtual Servers (LVS) as a load balancing interface. Its far
more configurable to balance based on load, and is far, far cheaper to
deploy.
We're mounting /var/vpopmail/domains as an nfs mount for all of our
users maildirs from a pair of Sun E250s (which also run the MySQL
read/write DB). These are hooked up to a mirrored pair of Raid5 arrays,
with the mirroring being done by Veritas Volume Manager, and the boxes
are clustered with Veritas Cluster Services for high availability.
Again I'd not actually recommend using this setup unless you've got
these or similar pieces already paid for and lying around. Either real
filers (such as Network Appliance, Procomm or others) or linux boxes
using tools from the Linux-HA project are what I'd recommend. I'm
looking to replace our E250s with a pair of NetApp F825c filer heads
with clustering and the whole ball of wax as high availability is an
absolute necessity in my network. 
As I mentioned previously the MySQL boxes are clustered, and the MySQL
database itself is on shared SCSI storage (part of the volume manager
setup). 
When I replace the E250s I'm thinking about instead setting up a
circular MySQL replication scheme, since MySQL tags replication data
with the originating server, so once it makes its way through the
circle it won't be applied again. My only problem so far is that this
would end up like a token ring network, in that one dead link and the
whole thing is unusable. Otherwise I'll end up using linux-ha and some
perl scripts to dynamically reconfigure a pair of servers as
Master/Slave (when the master crashes, the slave becomes the master,
and when the previous master comes back up it automagically knows to
become the new slave). 
Let me know if there's any thing else I can answer.
Hope this helps,
Nick Harring
Webley Systems