FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-19-2008, 02:56 AM
Michael Brown
 
Default LDAP Load Tools

Hello All

Can anyone point me to load generation tools specific to LDAP? Do they even exist? I'm working with an RHDS customer (currently RHDS 7.1sp3, hopefully moving to sp6 soon, or RHDS 8) with large attribute requirements (some attributes 25-30 Mbytes) who wants to do some modeling of performance in the lab so that memory sizing and configuration is less of a issue in production. Ideally the tool(s) would incorporate multiple threads, and configurable simultaneous writes and reads/searches of multiple nodes. However, I will settle for anything less than ideal at this point.

Thanks

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 04:53 AM
Nathan Kinder
 
Default LDAP Load Tools

Michael Brown wrote:

Hello All

Can anyone point me to load generation tools specific to LDAP? Do
they even exist? I'm working with an RHDS customer (currently RHDS
7.1sp3, hopefully moving to sp6 soon, or RHDS 8) with large attribute
requirements (some attributes 25-30 Mbytes) who wants to do some
modeling of performance in the lab so that memory sizing and
configuration is less of a issue in production. Ideally the tool(s)
would incorporate multiple threads, and configurable simultaneous
writes and reads/searches of multiple nodes. However, I will settle
for anything less than ideal at this point.
There's the ldclt tool that's included with the fedora-ds-base package.
It uses multiple threads and is fairly flexible in the operations that
you can perform with it. Another popular tool is SLAMD, which is more
advanced than ldclt.


-NGK


Thanks

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 07:47 AM
Michael Ströder
 
Default LDAP Load Tools

Michael Brown wrote:
I'm working with an RHDS customer (currently RHDS 7.1sp3,
hopefully moving to sp6 soon, or RHDS 8) with large attribute
requirements (some attributes 25-30 Mbytes)


Never saw a deployment where you store several MB into attributes. I'm
really curious whether that works? I know you can store this amount of
data but whether it really works for many entries.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 01:44 PM
"Sanga M. Collins"
 
Default LDAP Load Tools

I think the deployment guide suggests you use pointers instead of loading large pieces of data into the directory

Sanga M. Collins
Network Engineering
~~~~~~~~~~~~~~~~~~~~~~~
IT Management LLC
6491 Sunset Strip #5,
Sunrise Fl, 33313
Tel: (954) 572 7411,
Fax: (435) 578 7411


-----Original Message-----
From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael Ströder
Sent: Thursday, June 19, 2008 3:48 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] LDAP Load Tools

Michael Brown wrote:
> I'm working with an RHDS customer (currently RHDS 7.1sp3,
> hopefully moving to sp6 soon, or RHDS 8) with large attribute
> requirements (some attributes 25-30 Mbytes)

Never saw a deployment where you store several MB into attributes. I'm
really curious whether that works? I know you can store this amount of
data but whether it really works for many entries.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 02:15 PM
Michael Brown
 
Default LDAP Load Tools

Sanga M. Collins wrote:

I think the deployment guide suggests you use pointers instead of loading large pieces of data into the directory

Sanga M. Collins
Network Engineering

~~~~~~~~~~~~~~~~~~~~~~~
IT Management LLC
6491 Sunset Strip #5,
Sunrise Fl, 33313
Tel: (954) 572 7411,
Fax: (435) 578 7411



-----Original Message-----
From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael Ströder
Sent: Thursday, June 19, 2008 3:48 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] LDAP Load Tools

Michael Brown wrote:

I'm working with an RHDS customer (currently RHDS 7.1sp3,
hopefully moving to sp6 soon, or RHDS 8) with large attribute
requirements (some attributes 25-30 Mbytes)



Never saw a deployment where you store several MB into attributes. I'm
really curious whether that works? I know you can store this amount of
data but whether it really works for many entries.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



As an FYI... The issue in the environment in which I'm working is not a
data at rest issue for the large attributes, but rather a replication
and writing issue.


This is a US Government customer who has deployed a large PKI and LDAP
infrastructure based upon the Red Hat CA and DS products, and they have
several CA's with large certificate revocation lists approaching several
tens of Mbytes each (the customer has issued tens of million of certs
from all the CAs deployed, and has revoked > 20% of these prior to
expiration at any one time for various reasons, thus the large CRLs).
These CRLs are published to Red Hat DS instances in the
certificateRevocationList;binary attribute in the entry for each CA and
replicated to consumer DS instances and customers who require the CRLs.
OCSP is also used, but CRLs are still required for many applications.


This is a reasonably mature architecture as far as PKI and LDAP are
concerned, first deployed in 1999 or thereabouts (think Netscape days),
but the large CRL growth has been problematic both in generation and in
publishing/replication at times. The publishing and replication tuning
is what I'm trying to address with additional lab testing.


The Red Hat CA and DS solutions have shown themselves to be scalable and
secure in this environment, with proper care and tuning.


Michael

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 02:21 PM
Marc Sauton
 
Default LDAP Load Tools

Michael Brown wrote:

Sanga M. Collins wrote:
I think the deployment guide suggests you use pointers instead of
loading large pieces of data into the directory


Sanga M. Collins Network Engineering
~~~~~~~~~~~~~~~~~~~~~~~
IT Management LLC
6491 Sunset Strip #5, Sunrise Fl, 33313
Tel: (954) 572 7411, Fax: (435) 578 7411


-----Original Message-----
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Michael Ströder

Sent: Thursday, June 19, 2008 3:48 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] LDAP Load Tools

Michael Brown wrote:

I'm working with an RHDS customer (currently RHDS 7.1sp3, hopefully
moving to sp6 soon, or RHDS 8) with large attribute requirements
(some attributes 25-30 Mbytes)



Never saw a deployment where you store several MB into attributes.
I'm really curious whether that works? I know you can store this
amount of data but whether it really works for many entries.


Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



As an FYI... The issue in the environment in which I'm working is not
a data at rest issue for the large attributes, but rather a
replication and writing issue.


This is a US Government customer who has deployed a large PKI and LDAP
infrastructure based upon the Red Hat CA and DS products, and they
have several CA's with large certificate revocation lists approaching
several tens of Mbytes each (the customer has issued tens of million
of certs from all the CAs deployed, and has revoked > 20% of these
prior to expiration at any one time for various reasons, thus the
large CRLs). These CRLs are published to Red Hat DS instances in the
certificateRevocationList;binary attribute in the entry for each CA
and replicated to consumer DS instances and customers who require the
CRLs. OCSP is also used, but CRLs are still required for many
applications.


This is a reasonably mature architecture as far as PKI and LDAP are
concerned, first deployed in 1999 or thereabouts (think Netscape
days), but the large CRL growth has been problematic both in
generation and in publishing/replication at times. The publishing and
replication tuning is what I'm trying to address with additional lab
testing.


The Red Hat CA and DS solutions have shown themselves to be scalable
and secure in this environment, with proper care and tuning.


Michael

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

I sometimes use rpm's or tar files to represent large attributes.
M.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 06-19-2008, 03:08 PM
"Edward Capriolo"
 
Default LDAP Load Tools

I see there is much work on the LDAP schema side to support PKE and
such tools. However I rarely find documents about how it is
incorporated into a Linux sign on system namely SSH. Can anyone point
towards good documentation ?

I find information on:
Roumen Petrov's OpenSSH X.509 patch
http://roumenpetrov.info/openssh/
The information seems a little bit vague.

Is there a document that shows how to:
1) setup a PKI infrastructure in LDAP.
2) Generate a CA and store it in LDAP
3) Generate client certificates and store them in LDAP
4) Compile and patch ssh server
5) Setup and configure ssh server



I was able to get openssh-lpk up and running quickly. However stores
public keys in LDAP. It is not a complete PKI . With revocation lists
etc.

Since PKI is being used in wide range large scale deployments there
should be some strong documentation on it? PKI + SSH + LDAP?
On Thu, Jun 19, 2008 at 10:21 AM, Marc Sauton <msauton@redhat.com> wrote:
> Michael Brown wrote:
>>
>> Sanga M. Collins wrote:
>>>
>>> I think the deployment guide suggests you use pointers instead of loading
>>> large pieces of data into the directory
>>>
>>> Sanga M. Collins Network Engineering
>>> ~~~~~~~~~~~~~~~~~~~~~~~
>>> IT Management LLC
>>> 6491 Sunset Strip #5, Sunrise Fl, 33313
>>> Tel: (954) 572 7411, Fax: (435) 578 7411
>>>
>>>
>>> -----Original Message-----
>>> From: fedora-directory-users-bounces@redhat.com
>>> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael
>>> Ströder
>>> Sent: Thursday, June 19, 2008 3:48 AM
>>> To: General discussion list for the Fedora Directory server project.
>>> Subject: Re: [Fedora-directory-users] LDAP Load Tools
>>>
>>> Michael Brown wrote:
>>>
>>>>
>>>> I'm working with an RHDS customer (currently RHDS 7.1sp3, hopefully
>>>> moving to sp6 soon, or RHDS 8) with large attribute requirements (some
>>>> attributes 25-30 Mbytes)
>>>>
>>>
>>> Never saw a deployment where you store several MB into attributes. I'm
>>> really curious whether that works? I know you can store this amount of data
>>> but whether it really works for many entries.
>>>
>>> Ciao, Michael.
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>
>> As an FYI... The issue in the environment in which I'm working is not a
>> data at rest issue for the large attributes, but rather a replication and
>> writing issue.
>>
>> This is a US Government customer who has deployed a large PKI and LDAP
>> infrastructure based upon the Red Hat CA and DS products, and they have
>> several CA's with large certificate revocation lists approaching several
>> tens of Mbytes each (the customer has issued tens of million of certs from
>> all the CAs deployed, and has revoked > 20% of these prior to expiration at
>> any one time for various reasons, thus the large CRLs). These CRLs are
>> published to Red Hat DS instances in the certificateRevocationList;binary
>> attribute in the entry for each CA and replicated to consumer DS instances
>> and customers who require the CRLs. OCSP is also used, but CRLs are still
>> required for many applications.
>>
>> This is a reasonably mature architecture as far as PKI and LDAP are
>> concerned, first deployed in 1999 or thereabouts (think Netscape days), but
>> the large CRL growth has been problematic both in generation and in
>> publishing/replication at times. The publishing and replication tuning is
>> what I'm trying to address with additional lab testing.
>>
>> The Red Hat CA and DS solutions have shown themselves to be scalable and
>> secure in this environment, with proper care and tuning.
>>
>> Michael
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> I sometimes use rpm's or tar files to represent large attributes.
> M.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 12:54 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org