LDAP Load Tools

Sanga M. Collins wrote:
> I think the deployment guide suggests you use pointers instead of loading large pieces of data into the directory
>
> Sanga M. Collins 
> Network Engineering
> ~~~~~~~~~~~~~~~~~~~~~~~
> IT Management LLC
> 6491 Sunset Strip #5, 
> Sunrise Fl, 33313
> Tel: (954) 572 7411, 
> Fax: (435) 578 7411
>
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Michael Ströder
> Sent: Thursday, June 19, 2008 3:48 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: LDAP Load Tools
>
> Michael Brown wrote:
>   
>> I'm working with an RHDS customer (currently RHDS 7.1sp3,  
>> hopefully moving to sp6 soon, or RHDS 8) with large attribute 
>> requirements (some attributes 25-30 Mbytes)
>>     
>
> Never saw a deployment where you store several MB into attributes. I'm 
> really curious whether that works? I know you can store this amount of 
> data but whether it really works for many entries.
>
> Ciao, Michael.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

As an FYI... The issue in the environment in which I'm working is not a 
data at rest issue for the large attributes, but rather a replication 
and writing issue.

This is a US Government customer who has deployed a large PKI and LDAP 
infrastructure based upon the Red Hat CA and DS products, and they have 
several CAs with large certificate revocation lists approaching several 
tens of Mbytes each (the customer has issued tens of millions of certs 
from all the CAs deployed, and has revoked > 20% of these prior to 
expiration at any one time for various reasons, thus the large CRLs).  
These CRLs are published to Red Hat DS instances in the 
certificateRevocationList;binary attribute in the entry for each CA and 
replicated to consumer DS instances and customers who require the CRLs.  
OCSP is also used, but CRLs are still required for many applications.

This is a reasonably mature architecture as far as PKI and LDAP are 
concerned, first deployed in 1999 or thereabouts (think Netscape days), 
but the large CRL growth has been problematic both in generation and in 
publishing/replication at times.  The publishing and replication tuning 
is what I'm trying to address with additional lab testing.

The Red Hat CA and DS solutions have shown themselves to be scalable and 
secure in this environment, with proper care and tuning.

Michael



