discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: GNUstep directory in userhome


From: Manuel Guesdon
Subject: Re[2]: GNUstep directory in userhome
Date: Sun, 11 Mar 2001 12:57:39 +0100 (CET)

On Sat, 10 Mar 2001 19:13:14 +0100 Helge Hess <Helge Hess <address@hidden>> 
wrote:

 >| Manuel Guesdon wrote:
 >| > On Wed, 07 Mar 2001 09:39:38 +0100 Helge Hess <Helge Hess 
 ><address@hidden>> wrote:
 >| >  >| Further LDAP servers usually have a *very* fine grained access control
 >| >  >| (much more complex than Unix) ! Eg in OpenLDAP you can restrict access
 >| >  >| on field level.
 >| > 
 >| > You're right but having a lot of access rights in OpenLDAP can make it 
 >unusable: we had something like 20 or 25 rules for an
 >| > OpenLDAP (on a x86 bi-pro 600) to handle mail routing and user accounts. 
 >When the load increased (a little), the OpenLDAP server
 >| > started to fail to respond to requests every 2 or 3 hours ! Without these 
 >access rules, there's no problem.
 >| 
 >| I miss your point. Of course additional checks require additional
 >| resources. Besides that OpenLDAP is certainly not the best LDAP
 >| implementation available (but basically the only freely available).
 >| Commercial directory servers scale to huge amounts of entries and
 >| hit-rates.

Yes. In the OpenLDAPversion we used, I think access rights were not (or not 
well) cached. I don't know for the last
versions.


 >| BTW: if you write that the server *fails* to respond to request it
 >| sounds more like a bug than a performance problem. Maybe you are using
 >| an unstable OpenLDAP version ?

No, it was a stable one. There was a memory leak (I think) in this version but 
the main problem when load increased
was that the server didn't handle requests quickly enough so another requests 
came and it handle request less and less
quickly, and so on...
We don't use nscd (to cache uid/uid numbers) because some versions have a bug 
which make a system unavailable in less
than 10 minutes if the ldap server doen't reply to request (for exemple when 
restarting it) :-(
 

 >| > Another point is that using ldap to store user info increase GNUstep 
 >dependencies.
 >| 
 >| Exactly. It would be nice as an option (especially in enterprise
 >| environments), but not as the only way to store defaults.

I agree. We use Open LDAP to centralize users, domains,... information and it 
make things easyer.

Manuel

--
______________________________________________________________________
Manuel Guesdon - Software Builders <address@hidden>
14 rue Jean-Baptiste Clement  -  93200 Saint-Denis  -  France
Tel: +33 1 4940 0999  -  Fax: +33 1 4940 0998






reply via email to

[Prev in Thread] Current Thread [Next in Thread]