On Wed, 25 Jul 2001, Mike Jackson wrote:
> I have had bad experiences with OpenLDAP in terms of memory leakage and
> replication crashing, not to mention lack of decent SSL support until
> the 2.0.11 release. I switched to iPlanet 4.13 on Solaris and now the
> problems are over. I use OpenLDAP for development purposes, because it's
> easy to set up and easy to change, etc. I don't consider it suitable yet
> for large production usage.
Which version of OpenLDAP you were using ?
I wonder if there are still leakage issues with current version.
> > > LDAP servers are specifically designed to handle very high request
> > > loads, as they are optimised for many-reads-few-rights. LDAP scales very
> > > well - simply replicating the LDAP databases on each local machine will
> > > ensure the system stays up and working.
>
> With OpenLDAP, you have to replicate the ENTIRE database to each
> machine. Slurpd crashes frequently, and is hard to configure.
Hmm, replicating whole database once can be accepted in this project.
But, how about, for example, user changing his/her password ?
Will this data be automaticaly propagated without problems ?
> > Hmm, a friend of mine is using LDAP for his not so big mail/web server. He
> > uses just nss/pam. He said recently that NSS performs poor on high load.
>
> nss_ldap and pam_ldap are completely different from qmail-ldap.
> Qmail-ldap contacts the LDAP server directly, it doesn't need to use
> nss_ldap and pam_ldap as a proxy. Of course, using stock qmail with
> nss_ldap will be slow as hell.
Why ? is NSS so slow ? It's just libc pluggable module executing in
address space of a porcess requesting the info.
Well, the only source of significant overhead I see is spawning
qmail-getpw (fork/exec costs)
> When the code contains memory leaks, the more you load it, the more it
> leaks and the quicker it crashes.
Yes, it's clean.
> In-cluster deliveries work via qmqp. Qmqp is not smtp. It is something
> like 30 times faster than smtp. "Clustering" is a bit of a misnomer for
> qmail-ldap. It does mail routing based on mailhost attributes in ldap,
> and it does it quite well.
But it assigns particular accounts to particular servers, that's what I'm
trying to avoid.
-=Czaj-nick=-
