On Wed, 25 Jul 2001, Graham Leggett wrote:
> > - using qmail-ldap - but I don't know yet anything about LDAP's
> > performance/scalability/replication
> >
> > not-this-list, but maybe someone will answer: how does OpenLDAP handle
> > replication? How does it handle locking? Does updating data require
> > a whole database lock?
>
> What you need to do is go off and learn all about LDAP and how it works
> first - especially before implementing a system as big as the one you're
> proposing.
And that's what I'm going to do the rest of this day ;)
> How LDAP replicates is all part of the LDAP protocol. Full featured LDAP
> servers like OpenLDAP and iPlanet Directory server can replicate data
> from master LDAP servers to many slave LDAP servers, having your entire
> database served by multiple machines simultaneously. This is good
> because if one of your servers goes down, others can take over. All of
> this functionality is handled out the box, it just needs to be laid out
> and configured correctly.
Of course I understand that replication is part of the protocol
specification. I'd like to know how OpenLDAP conforms to it, how it
performs.
> > Hmm, a friend of mine is using LDAP for his not so big mail/web server. He
> > uses just nss/pam. He said recently that NSS performs poorly on high load.
>
> He isn't using LDAP - he's using NSS/PAM that gates through to an LDAP
> backend, which is different.
The difference is that it uses the getpwnam/getpwuid libc functions (which in
turn are redirected to the underlying NSS modules), instead of connecting
to LDAP directly.
Right?
> qmail-ldap uses an LDAP server directly, which is significantly faster
> and easier to configure. It's also more secure - as NSS effectively
> gives people shell access if the right data is in the LDAP server (which
> is the point behind NSS).
Right. Currently I'm running a web server with my custom PAM/NSS modules
using postgres as its source.
> This only comes into play when your machines are almost overloaded. An
> LDAP server's typical use of system resources is pretty modest - you
> just need to have enough RAM. You won't know until you test this though.
If it uses some caching - right. Again - I need to test it.
> Statistically as you get more mailboxes everything will even out. It is
> statistically highly unlikely that one box will get fuller significantly
> faster than another one - if it does, something is most likely wrong.
But it's possible that while one of the servers runs all of its
resources, the other is bored..
> There are two ways to do load balancing though:
>
> - Allocate mailboxes to specific servers, and have qmail do the delivery
> through either clustering or normal relaying of mail.
And that's what I'm trying to avoid.
> - Allocate mailboxes out of one huge NFS tree, which is mounted on many
> load balanced servers - every mailserver can just deliver the mail
> locally, it doesn't matter which one does it - clustering is
> unnecessary. This is how you've said you're going to do it (with NFS).
>
> In short - ignore the stuff about clustering, you won't need it if you
> use NFS.
Exactly. But still qmail-ldap can help much...
-=Czaj-nick=-