Jeff Tharp wrote: > I am looking into the feasibility of upgrading the LDAP backend used for > authentication on many of our web sites (roughly 300K users). Currently > we are using FedoraDS 1.0.2 running on RHEL 4 in a multi-master > configuration of two nodes configured as a high-availability cluster > using Heartbeat from the Linux-HA project. My underlying database is > Berkeley DB 4.2.52. My goal would be to upgrade to FedoraDS 1.1 running > on RHEL 5.1. I have managed to complete the initial installation on my > test system and so I'm now digging into the details of the migration. > > Some questions that have come up: > 1. RHEL5.1 ships with Berkeley DB 4.3 and I noticed a note that this has > been found subpar for production use in large environments. Should I > consider reverting back to Berkeley DB 4.2.52 or should I look into > installing Berkeley DB 4.5 or 4.6? If I installed the FedoraDS 1.1 fc6 > binary packages, do I need to be worried that these were built against a > specific Berkeley DB version? > Can you be more specific about your planned deployment? Number of entries? Average entry size? Search rate? Update rate? Number of masters? Total number of replicas? Number and type of clients? > 2. Most of the migration notes I see on the site mention migrating from > 1.0.4 to 1.1. Is it necessary to migrate our current 1.0.2 install to > 1.0.4 as an intermediate step to upgrading to 1.1? Or should the 1.0.4 > migration steps be sufficient? > The migration script in 1.1 will migrate from 7.1 and 1.0.x. You do not need any intermediate migration steps. The migration script should also work for even earlier versions (e.g. Netscape 6.x). > 3. Previously, we had separate physical filesystems for / and /opt, so > that the directory server files were separated from the system files. I > understand that in FedoraDS 1.1 the decision has been to standardize the > pathing so this is no longer feasible. If I still wanted at least the > instance-specific files (or at least the instance-specific database > files) to be in a separate filesystem, say /data, what would be the > recommended way of accomplishing this? Or should I just go crazy with > symbolic links to accomplish the structure I want? :-) > The main directory you would want to put on a separate partition is /var/lib/dirsrv/db - where the transaction logs and database index files go. These directories can be changed post setup, so you could just install Fedora DS 1.1 normally, then set those directories. For maximum performance, you should put the software on one physical device, the index files on another separate physical device, and the transaction logs on another separate physical device. See http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Tuning_Database_Performance-Changing_the_Location_of_the_Database_Transaction_Log.html > I greatly appreciate any advice you can provide regarding these > questions. I must say that we originally deployed FedoraDS 1.0.2 two > years ago to replace a much older OpenLDAP 2.0 implementation and have > generally been happy with both its performance and stability. > > Thanks, > Jeff Tharp > System Administrator > ESRI - Redlands, CA > http://www.esri.com > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080116/68779f9e/attachment.bin
