On 02/11/04 11:47 AM, Örn Hansen <orn.hansen@swipnet.se> wrote:
Monday 01 November 2004 19:32, Danny Sauer wrote:
If you plan to work with some antique software (on other operating systems) or stuff that's not PAM/NSS aware, NIS may work better. Then again, NIS sucks in about every way, so LDAP's a much better choice in almost every situation. :)
Well, not always ... LDAP with the built-in database (ldb, I think it's called) is so slow that it can really make lookups suck ... big time. However, with bdb it's quite fast, but bdb has a lot of drawbacks. A word of caution is not to upgrade a bdb layout from an i386 to an x86_64; that didn't happen quite happily on my end. Export/Import ldiff's for that. I never really got SQL working, so I don't know how good that is. But I think NIS has some advantages in specific situations, as I never felt the kind of performance drop with nis as I did with ldap, with the ldb database.
You can dramatically increase the performance of an ldap database by caching and indexing it. Caching can be done by placing cachesize and dbcachesize into your slapd.conf and giving them a value equal to the largest index file. Index, however, really increased the performance, at the expense of increasing the time taken to modify attributes, so once your database is set up and filled, add "index default" to the slapd.conf. This will generate an index of all the attributes in your system; to exclude particular ones you can use "index <attribute> none" prior to the index default to remove them from indexing. So long as you don't have a vast database the performance increase is phenomenal. Our ldap implementation, with a userbase of over 3000, had logons of ~15 seconds prior to indexing; now it's certainly under a second.

Regards,
Ben