(RADIATOR) Radiator and LDAP performance

Hugh Irvine hugh at open.com.au
Thu Mar 3 23:20:33 CST 2005 

Thanks Jim -

Excellent suggestion.

regards

Hugh


On 4 Mar 2005, at 00:29, Jim Michael wrote:

> Hi Campbell-
>
> Just throwing this out: here we have a different architecture, that  
> lends itself to even more performance from LDAP/eDirectory. Instead of  
> letting apps like Radiator authenticate against our "production" tree,  
> which would involve filtering/searching for the user within a specific  
> context (as you're doing), we authenticate against an "identity" tree.  
> This tree is a flat structure, with ALL users under one container.  
> These user objects are automagically kept in sync with the "real" user  
> objects in the production tree via Novell's DirXML technology (which  
> ships free with NetWare 6.5).
>
> So, apps like Radiator that are pure authentication mechanisms hit the  
> flat, fast, single container identity tree and this is much faster  
> than filtering/searching for the specific user. We use the same tree  
> to authenticate users via our iChain web appliance.
>
> Anyway, just throwing that out in case its a solution you haven't  
> thought of.
>
> Jim
>
>>>> "Campbell Simpson" <Campbell.Simpson2 at telecom.co.nz> 3/3/2005  
>>>> 3:08:16 PM >>>
> Thanks for the responses,
>
> Yes eDirectory does seem to be quite fast with LDAP responses. Using  
> radpwtst I was able to get around 30req/sec sequentially. There were  
> the odd pauses during testing sometimes which seems to be related to  
> load or processes running on the eDirectory box. I'm going to play  
> around with sub-servers to see if I can improve things.
>
> As for what number of req/sec I'm aiming for I'm not too sure yet. I'm  
> basically wanting to get the most out of Radiator and eDirectory now  
> so I have some benchmark figures that can be used to evaluate radiator  
> in another project.
>
> Cheers
>
> Campbell
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, 3 March 2005 7:35 p.m.
> To: Campbell Simpson
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator and LDAP performance
>
>
> Hello Campbell -
>
> It is often the case that you have to make multiple queries to the
> database (be it LDAP or SQL), depending on your overall design.
>
> As long as the LDAP server responds quickly enough, you shouldn't have
> a problem.
>
> What is the expected user population? And what is the expected radius
> request rate per second?
>
> Your observations below are correct, but see Mike's mail about testing
> "Universal Passwords".
>
> regards
>
> Hugh
>
>
>
> --  
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
>
>
> ----------------------------------------------------------------------- 
> -------
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you. Please note that this
> communication does not designate an information system for
>  the purposes of the Electronic Transactions Act 2002."
> ----------------------------------------------------------------------- 
> -------
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our  
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list