OpenLDAP for larger number of entries
Hi, My organization works with public software, and we are interested in using OpenLDAP to control close to 100,000,000 users. Is it a good idea? What kind of database can we use? Is there some research that points to what the limit is for the volume of users? Thanks, Marcelo
How to let users change their passwords?
Dear all, I have been searching low and high for a tool that can let users change their passwords in 389 DS or OpenLDAP. I think there is a real need for such a tool and I hope that people have already written such a tool... Please share your ways of how you allow your users to change their passwords or other setup/architecture that allows this function. Besides that, I also recommend Apache Studio as a great tool to work with LDAP servers. Thank you in advance.
Re: OpenLDAP for larger number of entries
Marcelo wrote:
> Hi, My organization works with public software, and we are interested in using OpenLDAP to control close to 100,000,000 users. Is it a good idea? What kind of database can we use? Is there some research that points to what the limit is for the volume of users?

Whether or not it is a good idea mostly depends on what you need to do with the data, and what software will be used to access it. If most of your apps already support LDAP then it's probably a good idea.

There are no capacity limits in OpenLDAP. We have tested back-bdb and back-hdb with over 5 billion users. No other directory server in the world has scaled to sizes like this while delivering useful performance. The only limits are your own - your patience, and the performance of the machines you use to house the database.

There are no secret tricks - good performance requires sufficient RAM and fast bandwidth to memory, disks, and network interfaces. Raw CPU performance is much less important here than aggregate bandwidth.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
Re: ldap_sasl_bind_s() with DIGEST-MD5
On 24/07/10 21:18 +0530, Shankar Anand R wrote:
> On Fri, Jul 23, 2010 at 9:43 AM, Shankar Anand R shankaran...@gmail.com wrote:
>> On Fri, Jul 23, 2010 at 12:10 AM, Dan White dwh...@olp.net wrote:
>>> See the man page for ldap_sasl_interactive_bind_s(), in which you provide a callback function for providing the sasl realm, authc identity, password, and authz identity.
>>> Also see doc/programming.html in the cyrus sasl source for discussion of interactions, and plugins/ldapdb.c for a working example.
>> Thanks for your help. I will read the doc and the example. Meanwhile I want to check if I can avoid ldap_sasl_interactive_bind_s(). Wouldn't ldap_sasl_bind_s() work for DIGEST-MD5? If it works, I would like to go with it. Can you point out a way to do that?
> Can someone point me to a sample program which uses ldap_sasl_bind_s() with DIGEST-MD5?

The ldapdb.c library that I referred to above is a good example. Any of the OpenLDAP client utilities are also good examples.

You'd do well to steer clear of writing an application which attempts to hard code a specific mechanism. One of the advantages of the sasl library is that it abstracts a lot of the mechanism specific details away. If you write your code using an interactive callback function, then you'll have the ability to support any of the password based mechanisms, which could be selected at runtime.

--
Dan White
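The interaction callback described in the reply above, as an added example that is not code from the thread, from OpenLDAP or from Cyrus SASL. `struct bind_creds` and `sasl_interact_cb` are hypothetical names, the credentials are assumed to arrive through the `defaults` pointer, and the `#else` branch only mirrors the few header declarations used so the callback compiles on a host without the development headers.

```c
#include <stddef.h>
#include <string.h>
#if defined(__has_include) && __has_include(<ldap.h>) && __has_include(<sasl/sasl.h>)
#include <ldap.h>
#include <sasl/sasl.h>
#else /* mirror of the few declarations used, for hosts without the dev headers */
typedef struct ldap LDAP;
typedef struct sasl_interact {
    unsigned long id;
    const char *challenge, *prompt, *defresult;
    const void *result;
    unsigned len;
} sasl_interact_t;
enum { SASL_CB_LIST_END = 0, SASL_CB_USER = 0x4001, SASL_CB_AUTHNAME = 0x4002,
       SASL_CB_PASS = 0x4004, SASL_CB_GETREALM = 0x4008 };
enum { LDAP_SUCCESS = 0, LDAP_PARAM_ERROR = -9 };
#endif

/* Hypothetical holder for the four values the callback is asked to provide. */
struct bind_creds { const char *realm, *authcid, *passwd, *authzid; };

/* The library passes a list of prompts; which ids appear depends on the
 * mechanism negotiated at run time, so nothing here names a mechanism. */
int sasl_interact_cb(LDAP *ld, unsigned flags, void *defaults, void *in)
{
    const struct bind_creds *c = defaults;
    sasl_interact_t *p = in;
    (void)ld; (void)flags;
    if (c == NULL || p == NULL) return LDAP_PARAM_ERROR;
    for (; p->id != SASL_CB_LIST_END; p++) {
        const char *v;
        switch (p->id) {
        case SASL_CB_GETREALM: v = c->realm;     break;
        case SASL_CB_AUTHNAME: v = c->authcid;   break; /* authentication id */
        case SASL_CB_PASS:     v = c->passwd;    break;
        case SASL_CB_USER:     v = c->authzid;   break; /* authorization id */
        default:               v = p->defresult; break; /* library's default */
        }
        /* Abort the bind instead of sending an empty identity or password. */
        if (v == NULL && (p->id == SASL_CB_AUTHNAME || p->id == SASL_CB_PASS))
            return LDAP_PARAM_ERROR;
        p->result = v ? v : "";   /* empty string: no realm / no authz id */
        p->len = (unsigned)strlen((const char *)p->result);
    }
    return LDAP_SUCCESS;
}
```

Pass `sasl_interact_cb` as the `interact` argument of `ldap_sasl_interactive_bind_s()` and a pointer to a filled `struct bind_creds` as its `defaults` argument; the mechanism string given to that call can then come from configuration rather than being compiled in.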