Gentoo Forums
noobq: reasons to use openldap ?
afabco
Guru


Joined: 24 Feb 2004
Posts: 380

Posted: Fri Sep 15, 2006 7:39 pm    Post subject: noobq: reasons to use openldap ?

Poking around with openldap some; I guess my primary question is why would I use ldap rather than a real database system (insert-flavor-of-yer-choice).

Googling seems to indicate that the ldap is better designed for lots of read-only accesses, but is that really compelling enough? Or are there really orders of magnitude speed difference? Or is/are there other reasons?

Also, somewhat related, some example slapd.conf use bdb, others use ldbm. Which is better/approved/more commonly used/official?
_________________
Anyone who puts a small gloss on a fundamental technology, calls it proprietary, and then tries to keep others from building on it, is a thief.
-Tim O'Reilly
jhmartin
Tux's lil' helper


Joined: 03 Sep 2003
Posts: 95

Posted: Fri Sep 15, 2006 7:46 pm    Post subject:

LDAP is not meant for any sort of transactional database -- it is meant to act as a nearly read-only database. It is heavily optimized for that, and it also offers replication services to make it more reliable that also rely on it being mostly read-only.

A full-sized RDBMS has infrastructure to handle many more cases than LDAP, and as such is a much heavier installation. OpenLDAP is much lighter than Oracle. One could make a case that mysql is comparably heavy, but then you get into the standards used to communicate to the server. Many system tools are written to be able to communicate to LDAP, but far fewer are written to talk to MySQL / Oracle / Postgres.
Janne Pikkarainen
Veteran


Joined: 29 Jul 2003
Posts: 1143
Location: Helsinki, Finland

Posted: Sat Sep 16, 2006 8:05 am    Post subject:

OpenLDAP is wonderful if the following criteria are met:

- You have lots of user accounts (say, tens of thousands or more)

- Your userbase changes relatively rarely and doesn't need to be modified several times a minute.

- You are going to need a centralized user management for spam filtering / mail forwarding / authentication / username lookup

In the past lots of software was written to work with LDAP in mind. I think the situation has changed a bit: nowadays in many applications one can choose the backend module, let that be BerkeleyDB, MySQL or LDAP.

OpenLDAP is a complicated beast to set up. Initial database population can make you groan if you are unfamiliar with OpenLDAP and its directory tree concept in general. Also fine-tuning the performance to suit your needs is a bit tricky. Usually the BDB backend is recommended: let me warn you, the administrator seriously needs to take a look at /var/lib/openldap-data/DB_CONFIG (or wherever you have databases installed). Default cache values etc. are probably way too low for any high-traffic site.

But after you're done with all the setup and testing, OpenLDAP usually just works. I've used it since 2001 or 2002 and it has never failed. This is in a relatively busy environment with nearly 100 000 user accounts and from dozens to hundreds of queries per second.

On the other hand, we also use MySQL for other purposes and it's also been reliable as hell, even though it receives hundreds of queries per second around the clock. For an environment where lots of writes to the database are needed I would definitely take SQL instead of LDAP.

So I guess the final decision between OpenLDAP or MySQL (or some other SQL) is up to your needs and the applications you're going to use. SpamAssassin, amavisd-new, Postfix, user authentication and many other things can be served from either LDAP or SQL.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".
afabco
Guru


Joined: 24 Feb 2004
Posts: 380

Posted: Sun Sep 17, 2006 3:21 am    Post subject:

Many thanks for the discussion. Sheds much more illumination on this topic than I had previously.
_________________
Anyone who puts a small gloss on a fundamental technology, calls it proprietary, and then tries to keep others from building on it, is a thief.
-Tim O'Reilly