Re: Another try (scalability, usage)

[Pierangelo Masarati <pmasarati@bci.it>]

Hi.
Using OpenLDAP (with minor changes) for a big company internal security.


Adam Haberlach wrote:

> o. Is anyone using OpenLDAP for large (10,000 or so) directories?  Does it
> work well at this level?  How heirarchial is your schema?  We're looking at
> a situation in which most users will be in one organizational unit (mainly
> for authentication).

About 25000 entries (20000 people), with basically no hierarchy (a flat directory
for people, a rough one-level hierarchy for organizational units, soft links
between
people and OUs and between deeper hierarchical levels of OUs). We're doing
basically authentication, but also redirection for proxies (say, the profile of a
person
contains the "groups" he's associated to, and some groups are associated with
regexps
that build up the set of URLs the person can access) and other things of this
kind;
we use a master server and three replicas, and there is a lot of updating nightly
and
some continuous updating daily, mainly password changing by the users and
addition/removal of these "groups". No problems axcept for some index corruption
every now and them. I've never been able to track the reason, but I always keep
a backup db that is updated separately from the main one, for emergencies.

>
> o. Is anyone storing arbitrary data?  We are also looking at storing
> alternate versions of filesystems, for revision tracking.

Well, kindof. I'm storing photos in the user's profiles, some 2K gif files.
I do not suggest using ldap for storing a filesystem, and I pushed towards using
URLs
instead of the actual pictures in the DS. At present it is performing well, but
I don't
know what to expect in case of larger files.

Bye, Pierangelo Masarati