Hallvard B Furuseth wrote:
> On Fri, 16 Mar 2012 22:07:36 +0200, Nick Milas <nick@eurobjects.com> wrote:
>> we are replicating locally and applications connect using: ldap://localhost. We are considering using ldapi://localhost instead.
>
> ldapi://<URL-escaped socket filename>. See '-h' in man 8 slapd.
>
>> Would there be any performance / reliability pros/cons?
>
> Should be pro, if there is a difference.
>
> Performance: The knowledge that transmitted data was always in your system's memory might drill deeper into caching/buffering policies.

There's also a hard limit of 32768 maximum concurrent connections using localhost; with ldapi there is no such limit. (I have frequently run into the connection limit doing soak tests. It's not just "concurrent" connections but any opened within 2MSL of each other, which is typically at least 2 minutes.)

> Reliability: I don't know of any difference.

Both are reliable transports. No difference. Of course, it's possible to disable localhost (ifconfig lo0 down) (accidentally or not) and it's not possible to disable ldapi.

> Security: In addition to ordinary slapd ACLs, you can use filesystem permissions to control access, and most systems let you Bind with SASL/EXTERNAL to get a Bind DN based on the client process' uid/gid.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
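
An added example, not part of the original thread, covering the ldapi points discussed above: URL-escaping the socket filename, checking the socket's filesystem permissions, and how the server end of a Unix socket learns the client's uid/gid for SASL/EXTERNAL. It assumes Linux (`SO_PEERCRED`); the path `/var/run/ldapi` is a sample value, the function names are illustrative, and the DN is the peercred form slapd derives for EXTERNAL binds over ldapi.

```python
import os
import socket
import stat
import struct
from urllib.parse import quote, unquote, urlsplit

def ldapi_url(socket_path):
    """ldapi:// URL for a socket file; '/' must be escaped as %2F."""
    return "ldapi://" + quote(socket_path, safe="")

def socket_path_from_url(url):
    """Socket filename an ldapi:// URL refers to."""
    parts = urlsplit(url)
    if parts.scheme != "ldapi":
        raise ValueError("not an ldapi URL: %r" % (url,))
    return unquote(parts.netloc)

def world_connectable(socket_path):
    """True if 'other' has write permission on the socket file
    (on Linux, connecting requires write permission on it)."""
    return bool(os.stat(socket_path).st_mode & stat.S_IWOTH)

def peer_credentials(conn):
    """(pid, uid, gid) of the peer process, as the kernel reports it."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    return struct.unpack("iII", raw)

def external_bind_dn(uid, gid):
    """Authentication DN slapd derives for SASL/EXTERNAL over ldapi."""
    return "gidNumber=%d+uidNumber=%d,cn=peercred,cn=external,cn=auth" % (gid, uid)

def demo_bind_dn():
    """Server-side view of a local client, using a connected socket pair."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        _pid, uid, gid = peer_credentials(server)
        return external_bind_dn(uid, gid)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    url = ldapi_url("/var/run/ldapi")  # sample path, not taken from the thread
    print(url, "->", socket_path_from_url(url))
    print(demo_bind_dn())
```

The DN returned here is what ACLs or an `authz-regexp` mapping would match against, which is why tightening the socket file's mode and matching on uid/gid complement each other.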