
Re: [Sheflug] AccessSpace NIS



On Fri, Mar 30, 2001 at 07:52:22PM +1000, Matthew Palmer wrote:
> > 40 seconds?!?!? In my experience, LDAP has _always_ beaten the pants off
> > of anything it's been put against. Have you tried an ldapsearch from the
> 
> It doesn't take 40 seconds to complete a search - usually 2-3 seconds.  The
> full 40 seconds is taken up by normal processing, as well as the multitude
> of lookups that need to be done to complete a login.

Wow. The way it's always worked for me is that the PAM module just requests
the user info about the user, and that's the only lookup it does via LDAP.

> The bottleneck is, I think, RAM - the database is large enough to overflow
> physical RAM, and so we have the ol' swap problem.

Yes, that sounds reasonable, although you must either have a very big
database or not much RAM :) Complex data structures are often not
particularly well suited to swapping - related data is not necessarily
stored together, and I imagine LDAP uses a red/black tree, or AVL, or
something. Plus, they're often optimized for speed - which means any space
efficiency usually goes to the wall :) 

> The main reason OpenAFS isn't in the kernel (and never will be) is that it's
> not GPLed, or even (AFAIR) DFSG-free.  It's under an IBM open-source
> licence, which, as with most of these sorts of things, is only just 'free as
> in beer', and certainly isn't speech-free.

Yep, that makes sense. That's a shame, Linux could do with a good network file
system :(

> My only gripe with AFS is that it is depressingly reliant on Kerberos 4, not
> my favourite authentication scheme.  There is talk of Krb5 migration for
> OpenAFS, but it's not coming any time soon.

That's another shame :( I might have to give AFS a whirl at some point,
though, it sounds good.

> Replication under 1.2.11 isn't a doddle - it just doesn't work.  It doesn't
> follow its own specifications as to the replog format.  Clever, huh?
> 
> I'm currently trying to make 2.0.7 work, to see if it's any happier.  I'm
> hitting a nasty brick wall with my ldapsearch, though - it keeps giving me
> "No such object" errors, no matter what Base DN and search filter I supply. 
> Any ideas?  If you're on the openldap-software list, you'll see my question
> there... <g>

Hmmm, not sure. I've only really used openldap 2, and never had _any_
problems replicating. Well, that is, it only supports simple binding - if
you want to modify information, you have to simple bind to the master server
- slave ldap servers are not able to refer, or the tools they provide don't
follow referrals. I remember sorting the authentication between the two
servers wasn't necessarily easy though..

Cheers,

Alex.

> Thanks.  Luckily, I have the god of editors (joe), which handles these sorts
> of brokennesses with a ^K J...

I've just export VISUAL=jpico; export EDITOR=jpico (I know pico bindings :)

--
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk