(RADIATOR) Radiator and LDAP performance

Jim Michael JMichael at chesterfield.mo.us
Thu Mar 3 17:29:02 CST 2005


Hi Campbell-

Just throwing this out: here we have a different architecture, that lends itself to even more performance from LDAP/eDirectory. Instead of letting apps like Radiator authenticate against our "production" tree, which would involve filtering/searching for the user within a specific context (as you're doing), we authenticate against an "identity" tree. This tree is a flat structure, with ALL users under one container. These user objects are automagically kept in sync with the "real" user objects in the production tree via Novell's DirXML technology (which ships free with NetWare 6.5). 

So, apps like Radiator that are pure authentication mechanisms hit the flat, fast, single container identity tree and this is much faster than filtering/searching for the specific user. We use the same tree to authenticate users via our iChain web appliance.

Anyway, just throwing that out in case its a solution you haven't thought of.

Jim

>>> "Campbell Simpson" <Campbell.Simpson2 at telecom.co.nz> 3/3/2005 3:08:16 PM >>>
Thanks for the responses,

Yes eDirectory does seem to be quite fast with LDAP responses. Using radpwtst I was able to get around 30req/sec sequentially. There were the odd pauses during testing sometimes which seems to be related to load or processes running on the eDirectory box. I'm going to play around with sub-servers to see if I can improve things.

As for what number of req/sec I'm aiming for I'm not too sure yet. I'm basically wanting to get the most out of Radiator and eDirectory now so I have some benchmark figures that can be used to evaluate radiator in another project.

Cheers

Campbell

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, 3 March 2005 7:35 p.m.
To: Campbell Simpson
Cc: radiator at open.com.au 
Subject: Re: (RADIATOR) Radiator and LDAP performance


Hello Campbell -

It is often the case that you have to make multiple queries to the  
database (be it LDAP or SQL), depending on your overall design.

As long as the LDAP server responds quickly enough, you shouldn't have  
a problem.

What is the expected user population? And what is the expected radius  
request rate per second?

Your observations below are correct, but see Mike's mail about testing  
"Universal Passwords".

regards

Hugh



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
 

------------------------------------------------------------------------------
"This communication, including any attachments, is confidential. 
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you. Please note that this 
communication does not designate an information system for
 the purposes of the Electronic Transactions Act 2002."
------------------------------------------------------------------------------

--
Archive at http://www.open.com.au/archives/radiator/ 
Announcements on radiator-announce at open.com.au 
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list