
Re: How to limit it ?



On Mon, Nov 15, 1999 at 01:45:08PM -0400, charlesiii@theverge.com wrote:
> Can you have the LDAP info sent across the network encrypted?
> How fast is LDAP? How much data is sent?

The LDAP protocol itself does not have an encryption architecture, but at least
the OpenLDAP server and client libraries can be compiled with SSL support, so
yes.  You just have to use an SSL-capable implementation.

As for LDAP, a single OpenLDAP server (as of my testing about 8 mos ago.  It's
possibly faster now) can easily handle about 100,000 records/users on a k6-233
with 48megs of RAM and an IDE HD.

As for the bandwidth, the Linux glibc2.1 has the nscd (name-service cache
daemon), which acts as a cache for name-service requests (/etc/whatever
lookups).  The protocol itself is rather light on networks (thus the name..).
A single request for a user's info probably sends around 1-2k of data max per
user.  (IIRC, the libnss_ldap or pam_ldap can use persistent connections to the
LDAP server, and this saves overhead, in which case your bytes/request is
probably closer to 600-800 bytes each.)  This is, of course, assuming that you
only mirror the data that's in the /etc databases.

Everything you need for this should be in the potato distribution.  I'm not
sure how well the Debian setup works.  The LDAP-NIS implementation I installed
was home-rolled.

-- 
I do not believe in the creed professed by the Jewish Church, by the Roman
Church, by the Greek Church, by the Turkish Church, by the Protestant Church,
nor by any Church that I know of.  My own mind is my own Church.
                -- Thomas Paine
**
Penguin Sympathizer
Bryon Roche, Kain <elvnhaqr@bigfoot.com>

