Comments on: Why not LDAP?

By: Izmir escort

Izmir escort — Fri, 06 Jan 2012 18:21:05 +0000

oh my god..

By: lucasrockwell

lucasrockwell — Sun, 28 Jun 2009 03:52:29 +0000

In my current work we use Sun's LDAP proxy server which allows you to very easily scale out LDAP. For instance, if you have 100M users, you could easily split them up into n clusters (at least 2 LDAP servers — each a multi-master — in a cluster) of people (maybe 2-10M per cluster), and then the proxy server (based on the DN) would know where the user is located. Of course, if you didn't know where someone was (because you were not doing a base search using an exact DN) then there is more work involved in finding the person.

By: The ROFLR

The ROFLR — Sat, 27 Jun 2009 02:39:16 +0000

It's not a problem with LDAP itself, but whether or not it can scale out. The cost you end up paying in a distributed LDAP server is for consistency, since LDAP is designed with strong consistency in mind, it would likely need to be (a) completely replicated and (b) require some strong ordering mechanism (like Paxos). It's not a problem of scaling up, it's a problem of scaling out. If you have an example of a scaled OUT LDAP system, I'd be interested in seeing it.

By: lucasrockwell

lucasrockwell — Thu, 25 Jun 2009 08:15:43 +0000

I am not sure what you are suggesting… Are you suggesting that LDAP can not handle tens of thousands of operations per second?

http://blogs.sun.com/directoryservices/entry/45...

http://blogs.sun.com/directoryservices/entry/op...

On my MacBook, I can get OpenDS 1.3RC6 to do around 7000 requests/second (and this is a Java app). Sun's c-based DS is much faster.

By: The ROFLR

The ROFLR — Wed, 24 Jun 2009 04:18:45 +0000

But seriously, LDAP's scalability is *not* performance scalability. In a modern key-value store, being unable to handle tens of thousands of operations per second per node would be completely unacceptable.

By: The ROFLR

The ROFLR — Wed, 24 Jun 2009 03:41:02 +0000

lolololololol

By: lucasrockwell

lucasrockwell — Sat, 18 Apr 2009 07:39:53 +0000

Yea, it is sad how the web 2.0 crowd doesn't consider LDAP. I downloaded Laconica and took a look at the SQL and it just boggles my mind how they think something like that can scale. I guess when your tool of choice is a RDBMS, every problem starts looking like a SQL query.

By: lucasrockwell

lucasrockwell — Sat, 18 Apr 2009 07:31:51 +0000

We have a 3 node (multi master) + 2 proxy setup that barely gets exercised (like in the low teens requests/second). This is with Sun's DS and proxy 5.2 series.

The real fun I am having right now is working on using OpenDS as a ticket cache (TicketRegistry) for CAS (the JA-SIG single sign on server). My testing today used two OpenDS servers doing an average of 216 write/read/delete operations per second (72 tickets per second going through this 3-stage process). One server would do the initial write, and then replicate the info the other server where it was read and then deleted. So, it was replicating 72 tickets/second over the network. I actually think it can do a lot more than that.

On Monday I am going to do this for 1M tickets to see how it goes. I will be putting together a paper on it when I am done. I'll post a link to all of that info on this blog once it's ready.

By: Jauder Ho

Jauder Ho — Sat, 18 Apr 2009 04:13:31 +0000

What kind of traffic are you seeing on your DS?

I've been a longtime fan of LDAP and have done several deployments. It is interesting to me that none of the web20 companies have used LDAP (that I know of) as part of their architecture.

Imagine, sharding information could easily be kept in the DS (amongst other things) and on a well tested infrastructure.

By: lucasrockwell

lucasrockwell — Thu, 19 Mar 2009 09:15:53 +0000

Thanks for the comment. Yes, LDAP is old, and still an amazing technology. Telcos don't use LDAP because they are “legacy” companies, they use it because it is fast and scales wonderfully.

I wish you the best of luck with your current and future LDAP projects!