Comparison of LDAP / Directory Servers – Update

Almost two months ago I wrote a post about some directory servers I was testing; mostly I wrote about some early testing that I had done with OpenDS and OpenLDAP. Those test results showed OpenDS performing better than OpenLDAP in an out-of-the-box testing scenario. I got some feedback from different folks, including Howard Chu, who has been involved with OpenLDAP. While I didn’t follow up directly with Howard on his tuning comments, I did do some tuning of both OpenLDAP and OpenDS. I don’t have all of the test results in a presentable format, but I do have some additional findings.

Improving Performance

Both of these directory servers come tuned for developer use out of the box, which is to say that they are not really tuned in any way at all. Instead they are configured to use as small a footprint as possible. This makes a lot of sense, since the developers have no idea how much memory or processing power you have and assume that the first time you use it you are trying it out in a development or test environment.

Once I spent some more time on the OpenDS and OpenLDAP sites and tweaking the configuration of each, I was able to show improved performance in each.  Given the nature of our implementation, only a couple of hundred records right now and a fairly low number of requests, the performance difference between the two was negligible.   It is possible that we might see some more significant difference with a larger number of requests and more entries.

You can find more tuning information for OpenLDAP at:

More tuning information for OpenDS is here:

The Verdict – Take 2

Given the results were so close, did that alter my preference for OpenDS?  Nope.  We have been very happy with the test results and features from OpenDS.   OpenDS also fits very well into our architecture and technology stack.  Personally I am very comfortable with the tools and documentation for OpenDS, and the OpenDS team continues to improve both.

Final Thoughts

OpenDS works very well for us and matches what we were looking for very well, both from a technology standpoint and a community standpoint. The OpenDS developers and community members are all very friendly and helpful. They continue to make improvements in the software and documentation.

Having said that, there may be reasons why you would choose one of the other directory servers, so while you may use my experience as a guide, make sure that you compare the features, technology stack, and architecture to your own requirements.

I would recommend evaluating not only OpenDS, but also OpenLDAP, ApacheDS, and others such as Red Hat / Fedora Directory Server. If you are in a Windows shop, any of the LDAP servers will work for you, but certainly Active Directory should be considered. I also have a high level of respect for Novell’s eDirectory. If you have a very large deployment, eDirectory might be something you really want to consider. Keep in mind that Active Directory and eDirectory are both LDAP-compliant servers that offer features beyond an LDAP server, and may in fact differ from the LDAP specification in some areas.


2 thoughts on “Comparison of LDAP / Directory Servers – Update”

  1. It’s been almost 2 and a half years since your last post regarding LDAP servers… I was wondering if anyone has recent experience with all the various distributions available. Is Oracle backing up OpenDS? Does the 1.5 release of ApacheDS provide good performance tweaks (like you mentioned in your initial post)?

    We are looking at something easy to manage for a small number of users. For the moment we are comparing the pure Java implementations. Any pointer to guide us would be greatly appreciated.


  2. A few months ago I had some experience with OpenDS, OpenLDAP and ApacheDS.
    I was in charge of choosing the right LDAP server for our CA.
    Here are my results.


    I liked it very much at first, but soon I encountered a limitation: it couldn’t handle the CRL attributes the right way. I tried to talk on the mailing list and they told me that there was some problem with the binary attributes.
    That made me decide ApacheDS was a very good product with very good support, but it is still not mature enough for production.


    We started our production environment with OpenDS since it was much easier than OpenLDAP to configure. For the first months everything went well… Then we started having weird behaviour: the replication stopped working, the replicas didn’t get updates, the ldif files got corrupted… We had to change LDAP server.


    We migrated our CA to OpenLDAP and I have to admit it wasn’t really so hard to configure…
    Now it works like a charm and I found it to be MUCH FASTER than OpenDS.
    Never had any problem with the replication (Hope these won’t be the famous last words!!!).
