Re: [Exim] LDAP advise? (new to ldap)

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Douglas Gray Stephens
Ημερομηνία:  
Προς: Philipp Gaschuetz
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] LDAP advise? (new to ldap)

At 12:50 on 29-January-2002, Philipp Gaschuetz wrote:
> Hi Douglas,
>
> At 23:10 28.01.2002 -0600, you wrote:
>
> >to build something that fits your needs. If you have a mobile work
> >force, then you may want to go for a flatter structure. If you have a
> >flat structure, then you can always have a use filters to return the
> >appropriate records, and you may not be able to get to that data if it
> >is in the tree structure. It may be that you want a structure
>
> Thanks for your mail and your extensive reference list!
>
> One question though: flat structure vs. tree structured LDAP "setup":
>
> are there any major performance downgrades by having a flat structure? I'd
> think for example, that if you have the data in a normal SQL database, that
> would be much of a performance downgrade - don't know if LDAP works
> completly different.


In your original mail you suggested DNs like
domain=foo.com,l=aliases,device=mail1, ou=office1, o=company
domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company

and then the users
dn=popuser1, domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company

These means that to get a list of DNs for domain foo.com, you would
need to set a search root at
domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company
and use a LDAP filter
dn=popuser1
I suspect that on many servers it is faster to set a search root
ou=office1, o=company
(you said one server per office) and then use a more complex filter
(&(dn=popuser1)(domain=foo.com)(l=pop accounts)(device=mail1)(ou=office1))
(of course assuming that all the appropriate attributes are indexed).

Keeping the additional indicies will increase the LDAP server memory
requirements, and could slow updates to the LDAP server (due to having
to update the indicies).

> We are not talking about massive amounts here (80.000 objects per office (
> == per LDAP server ) at most), but still, mail services can probably stress
> any database/directory server a lot...


80k objects is fairly small by LDAP standards, and these are simple
queries. Schlumberger currently has about 110k objects replicated to
servers round the world. The servers handle HTTP, HTTPS, LDAP, LDAPS,
and SMTP traffic. I think that the HTTP/HTTPS interface to the
Directory probably takes most CPU (e.g. building graphical
organisation charts on the fly). A typical replica is a quad
processor machine and is handling well over 2 millions searches per day,
40+k emails (all involving at least one lookup in LDAP), (I'm off line
so cannot recall the HTTP stats).

I hope this helps,

Douglas.

--

================================
Dr. Douglas GRAY STEPHENS
Global Infrastructure (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================