Przemyslaw Wegrzyn wrote:
>
> On Wed, 25 Jul 2001, Graham Leggett wrote:
>
> > Przemyslaw Wegrzyn wrote:
> >
> > > I'm going to use qmail + courier imap/pop + maildrop, maildirs++ over NFS.
> > >
> > > I consider using qmail-ldap, but I've heard many things about OpenLDAP
> > > performace - both good and bad opinions.
I have had bad experiences with OpenLDAP in terms of memory leakage and
replication crashing, not to mention lack of decent SSL support until
the 2.0.11 release. I switched to iPlanet 4.13 on Solaris and now the
problems are over. I use OpenLDAP for development purposes, because it's
easy to set up and easy to change, etc. I don't consider it suitable yet
for large production usage.
> > > If every qmail-ldap server asks central ldap server on every delivery, I
> > > guess it can probably overload OpenLDAP server.
The LDAP server is consulted on inbound deliveries, or deliveries where
it is going to another of your account holders. iPlanet has quite qood
caching, OpenLDAP crashed when I tried to use caching.
> - using qmail-ldap - but I don't know yet anything about LDAP's
> performance/scalability/replication
I don't mean to be advertising for iPlanet, but their stuff works.
Openldap doesn't even handle subtree replication. iPlanet does. It
handles replication over SSL, and normal SSL connections like a dream.
> not-this-list, but maybe someone will answer: how OpenLDAP handles
> replication ? How it handles locking ? Does updating data requires
> whole database lock ?
Replication sucks on OpenLDAP.
> > LDAP servers are specifically designed to handle very high request
> > loads, as they are optimised for many-reads-few-rights. LDAP scales very
> > well - simply replicating the LDAP databases on each local machine will
> > ensure the system stays up and working.
With OpenLDAP, you have to replicate the ENTIRE database to each
machine. Slurpd crashes frequently, and is hard to configure.
> Hmm, a friend of mine is using LDAP for his not so big mail/web server. He
> uses just nss/pam. He said recently that NSS performs poor on high load.
nss_ldap and pam_ldap are completely different from qmail-ldap.
Qmail-ldap contacts the LDAP server directly, it doesn't need to use
nss_ldap and pam_ldap as a proxy. Of course, using stock qmail with
nss_ldap will be slow as hell.
> > As for it "overloading an OpenLDAP server", the only issue here is how
> > big your OpenLDAP machine is, and how many machines you got. If you
> > overload the server that's a RAM-and-processor problem, not an openldap
> > problem. If openldap turns out to be less than reliable, or it does not
> > suit your needs, install an alternative - like iPlanet Directory Server.
When the code contains memory leaks, the more you load it, the more it
leaks and the quicker it crashes.
> Well, but, given the same hardware, some technology performs better, some
> worse.
Yes, iPlanet performs better than OpenLDAP given the same hardware. I
normally am all for open-source software, but IMHO OpenLDAP just does
not cut the mustard.
> I've just looked through qmail-ldap FAQ - I can see that its clustering
> support is done by assigning particular account to particular server. Will
> it balance well, if some accounts reciver large amount of mail, while
> others just one mail a week ?
In-cluster deliveries work via qmqp. Qmqp is not smtp. It is something
like 30 times faster than smtp. "Clustering" is a bit of a misnomer for
qmail-ldap. It does mail routing based on mailhost attributes in ldap,
and it does it quite well.
--
Mike
