On Wed, May 18, 2005 1:45 pm, paul kölle said:
> we are in the process of setting up a new server (on gentoo) for the usual
> web/mail/db stuff with cyrus/postfix/apache/mysql/subversion/... We'd
> like to store all accounts in a backend that can be shared by more than
> one host and run in a replicated server/slave setup so that one machine
> can take over the service if the other fails.
>
> I've looked around and it seems there is a general choice of using ldap
> or mysql for this.

I assume you mean OpenLDAP...

The key difference is performance. A web application will typically do an
authorization every time the user hits a page. That's a lot of lookups - a
lot of hits to the database. On the other hand, updates to an
authorization database are relatively rare. OpenLDAP, as an
authentication/authorization tool, is tuned for extremely fast lookups.
The whole way the database is indexed and stored on disk is to provide
lightning fast lookups. However, it's quite slow for updates. Mysql is a
general purpose database. It is tuned quite well for both lookups and
updates. It is much faster than OpenLDAP for updates, but can't even come
close for lookups.

That being said, with today's hardware, unless you are expecting a lot of
traffic, either one will do. Unless under load, mysql will respond in
milliseconds. However, if load is a concern, OpenLDAP might save you on
hardware costs (don't have to buy as many servers), and it will not add
any latency to your web transactions. But mysql is probably easier to
manage, especially if you already know SQL.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

--
gentoo-server@g.o mailing list