After using OpenLDAP for years I decided to research and test the new features of OpenLDAP 2.4. In the past I have always been accustomed to making changes in the slapd.conf file and then restarting the server for them to take effect; it's just the way things are done. All that has changed with the new version if you decide to use the cn=config feature. Replication in a master/slave configuration was always the norm when someone wanted to have a backup LDAP server; I have even set it up to do master/slave and slave/master so there could be more redundancy. Now the Syncrepl mechanism supports many methods of replication, which makes OpenLDAP 2.4 superior to older versions, and it also has quite a few advantages over Active Directory.
The major advantages of 2.4 are the following:
Performance has been enhanced greatly. The speed of the database is only limited by the memory bandwidth of the machine. Searches are almost instant even on large databases.
The cn=config backend allows you to modify, delete, or add almost all runtime settings and schema, and changes take effect immediately with no downtime required.
Syncrepl is now greatly enhanced in quite a few ways. Replicating the slapd configuration is now possible with Syncrepl and cn=config, which allows you to fully replicate an entire server to another server or to many other servers. Delta-syncrepl addresses bandwidth concerns, ensures ordered updates, and falls back to plain Syncrepl if a consumer loses sync with the log. Push-Mode Replication is another feature of the syncrepl mechanism which allows a syncrepl consumer sitting on back-ldap. MultiMaster replication supports full N-Way replication and conflict resolution.
Some other notable features that are new:
Enhanced TLS configuration allows settings to be individually configured per-item so you can have different certificates for different clients.
There are new overlays for slapo-constraint, slapo-dds, slapo-memberof, and some new features in existing overlays.
Monitoring of back-*db cache fill-in, non-indexed searches.
There is now a session tracking control, and subtree delete in back-sql.
Values in multi-valued attributes are sorted for faster matching.
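The cn=config, delta-syncrepl and per-item TLS features described above come together in one runtime change: the following LDIF is an added example, not taken from the article or from the OpenLDAP project, that adds a delta-syncrepl consumer with its own TLS settings to a running server. The database DN, host name, bind DN, credential and CA file path are constructed placeholders.

```ldif
# Added example (constructed). Load on the consumer with ldapmodify while
# slapd is running; the change takes effect without a restart.
#
# Placeholders, not values from the article:
#   olcDatabase={1}hdb,cn=config   the consumer's database entry
#   provider.example.com           the provider host
#   cn=replicator,...              the replication bind identity
#   REPLACE_WITH_SECRET            the replication password
#   /etc/openldap/certs/ca.pem     CA that signed the provider certificate
#
# starttls=critical   abort replication if StartTLS fails, so the simple
#                     bind password is never sent over a cleartext session
# tls_reqcert=demand  refuse a provider certificate that does not validate
#                     against tls_cacert
# syncdata=accesslog  delta-syncrepl: replay changes from the provider's
#                     accesslog database instead of copying whole entries
# logfilter           only replay writes that succeeded (reqResult=0)
#
# Continuation lines start with two spaces: LDIF strips the first one and
# the second separates the syncrepl parameters.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001
  provider=ldap://provider.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=REPLACE_WITH_SECRET
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
  syncdata=accesslog
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
```

This assumes the provider already runs the accesslog overlay with a cn=accesslog database that the replication identity can read. The credential is stored in clear text inside cn=config, so read access to that database should stay limited to the configuration administrator.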
I am quite impressed with the new OpenLDAP 2.4 offerings and feel that there should be many people who are prepared to upgrade to 2.4 and reap the benefits of doing so.