Home

Migration from openldap to fedora/redhat directory service

We'll migrate our directory service from openldap to fedora/redhat directory service, the ldap server is considered almost the back-end for everything on our hosted IT services.

we are running openldap-2.0.27 which have many deprecated service. it's six year old . we have almost 500,000 entry.

We have benchmarked our staging setup with ixia, it gave very positive results, we were able to authenticate (bind) 1800,000 and having 22000 write/modify operation in just 2 minutes with no impact on the service. Actually the setup isn't just one server they are five servers; with two hardware load balancers, still it's awesome software to rely on.

The migration will be tomorrow, I feel confident about the software that we are going to use. it's very exciting.

Comments

by Anonymous | Mon, 02/23/2009 - 23:41

OpenLDAP 2.4 is at least 3x

OpenLDAP 2.4 is at least 3x faster than every other current LDAP server. And more spec-compliant than all the rest. Why did you stay with such a broken version for so long?

by diaa | Tue, 02/24/2009 - 18:35

here is the story

2.0.7 was working fine until we have got more that 600K entries, during this time it was working fine no body cared much about updating. then adding one entry became very slow it would take like 2-3 minutes so we had to upgrade.

We needed to have chaining plus mulimaster, so write operations and read operation goes to only one ldap gateway and reads goes to read nodes and write operation is done on behalf of the client as most of our application doesn't support referrals.

We could have this solution by having two openldap servers in mirrormode and and have N number with read only replica. but it wasn't clear for us if we had one mirror crashed and there is a bulk changes and attributes changes. it might corrupt our data. as per my email to ol mailing list http://www.openldap.org/lists/openldap-software/200801/msg00185.html

So, we opted to run fds/rhds instead of ol.

by Anonymous | Wed, 10/21/2009 - 11:59

LDAP and Linux laptops

Could you manage to authenticate Linux laptops from the LDAP directory and keep them working offline as well?
(Caching the user credentials or create local users during the first authentication)
I also have problems with the login process on the laptop. It is authenticating first and connecting the user to the network later (NetworkManager).

Andrew
andrew.farago(at)tangs.net