LDAP Load Tools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Brown wrote:
> Sanga M. Collins wrote:
>> I think the deployment guide suggests you use pointers instead of 
>> loading large pieces of data into the directory
>>
>> Sanga M. Collins Network Engineering
>> ~~~~~~~~~~~~~~~~~~~~~~~
>> IT Management LLC
>> 6491 Sunset Strip #5, Sunrise Fl, 33313
>> Tel: (954) 572 7411, Fax: (435) 578 7411
>>
>>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com 
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of 
>> Michael Str?der
>> Sent: Thursday, June 19, 2008 3:48 AM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: LDAP Load Tools
>>
>> Michael Brown wrote:
>>  
>>> I'm working with an RHDS customer (currently RHDS 7.1sp3,  hopefully 
>>> moving to sp6 soon, or RHDS 8) with large attribute requirements 
>>> (some attributes 25-30 Mbytes)
>>>     
>>
>> Never saw a deployment where you store several MB into attributes. 
>> I'm really curious whether that works? I know you can store this 
>> amount of data but whether it really works for many entries.
>>
>> Ciao, Michael.
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>
> As an FYI... The issue in the environment in which I'm working is not 
> a data at rest issue for the large attributes, but rather a 
> replication and writing issue.
>
> This is a US Government customer who has deployed a large PKI and LDAP 
> infrastructure based upon the Red Hat CA and DS products, and they 
> have several CA's with large certificate revocation lists approaching 
> several tens of Mbytes each (the customer has issued tens of million 
> of certs from all the CAs deployed, and has revoked > 20% of these 
> prior to expiration at any one time for various reasons, thus the 
> large CRLs).  These CRLs are published to Red Hat DS instances in the 
> certificateRevocationList;binary attribute in the entry for each CA 
> and replicated to consumer DS instances and customers who require the 
> CRLs.  OCSP is also used, but CRLs are still required for many 
> applications.
>
> This is a reasonably mature architecture as far as PKI and LDAP are 
> concerned, first deployed in 1999 or thereabouts (think Netscape 
> days), but the large CRL growth has been problematic both in 
> generation and in publishing/replication at times.  The publishing and 
> replication tuning is what I'm trying to address with additional lab 
> testing.
>
> The Red Hat CA and DS solutions have shown themselves to be scalable 
> and secure in this environment, with proper care and tuning.
>
> Michael
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
I sometimes use rpm's or tar files to represent large attributes.
M.




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux