Subject: Re: LDAP NSS for NetBSD
To: Luke Mewburn <lukem@NetBSD.org>
From: Love <lha@stacken.kth.se>
List: tech-userlevel
Date: 02/22/2005 16:32:55
--=-=-=
James Chacon <jmc@NetBSD.org> writes:
>> I think something like nscd/winbind/lookupd is needed here. The overhead of
>> TLS connections is to much for the LDAP server, its hard to do TLS
>> connection reuse, there no where to save the session data.
>>
>> Sorry for introducing requirements, but experience work showed using a
>> couple 100's clients with no tls caching made the ldap servers real
>> unhappy.
>
> What kind of ldap servers? We use ldap+tls here w. > 100 clients and a
> couple of those are extrememly busy (think imap logins for 30,000+ users).
> The LDAP servers keep up fine with that.
OpenLDAP, it was now 2-3 years ago. It was a combination of storing TLS
connections and TCP connections, the thing that killed the LDAP server for
real was that the (linux) LDAP server ran out of bits in the select bitmap.
Love
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (NetBSD)
iQIVAwUAQhtQqBZyDLTSep3UAQLoYxAAwQZdO3MVcUZxzbPijam0moCPOS+kE4nB
JsuvgK/8EFOoOVi1ZoT8ibKVsjEv/5aOdXrnY1spB/5zFt9T9cHAo4kMXrBw6h/f
NDqlKiLVBT1Y/AVaRYbpbtvQbLdtc6kEK2pVkLH4ytIA0mJiPpVN26oT+siI2YAq
Fo1ypsQ5FLzCSca9nXU6/gkilfk1rBPWwB1S8ifoF3DqMRmNLoCDAgrEvoZfQySn
4svvHUy0LRikia88Hc+634X8/aGfHNKGDBz77tr8nD2wQwTC07/wE1exGzCpjWH8
qAdJ+B9RsQw4O3XRKz8PzoXscvnVMp1/A3hd+dsRJrzwYJyVx+LQdADx57InzElq
prd/TbvwvuO+aGl8l7bhpvnwGBbCgvvfwmo0DwHEbPuT9R3dQ5l9Pq5AjEadeHgM
Mqa69MitojOHaKQC/d+WiuPj4UKbXpDRvnd0ZpT/TsxYFzaiJpb8P7ac/moF/SF/
Jp36uswjxPhvvBvzbwdeg+HDEX+iYwWfz6VcCjLE2UA6TOi0HsAq9WrqWwtuqah2
joEG5OX1G7YkuGy6H5uO3QzrSRG8ohiIwUUOt56YupBAiVwHTkO6F5D8VlJ27vp7
GxJbIxav2rLxuowIHbJtYkUhxKDw+Ccqq5NVMNfTA3OwA979ChzCsCj1mJ9GyQPl
97Xh9HA912o=
=opn3
-----END PGP SIGNATURE-----
--=-=-=--