Ian Collins wrote:
On 07/23/10 03:28 AM, Isaac Hailperin wrote:
One disadvantage of 1 is your database will grow and your searches will become slower.
LDAP isn't really the place for archival data, if you want to preserve it export the LDIF for the user and archive that.
Exporting each "deleted" user to a separate LDIF file will make the server faster for regular searches, but it will be much slower if I want to check if a new username has ever been used (something which I want to avoid).
But if I understand correctly, the search can be restricted to a certain subtree. So if I would archive in a different subtree, the frequent, regular searches will stay fast. And the not so frequent searches for all usernames that have ever been issued will be a bit slower, because it will also incorporate the archive subtree. But that archive subtree should still be much faster to query than hundreds of files, because they all live in a single file (or maybe just a few, depending on the db backend I guess).
Any thoughts on this?
I still think you are using the wrong tool for the job. LDAP isn't a general database tool, keep your archives and user management logic in a separate application.
You could move leavers to another branch, but you would have to delete the entries and create new ones to update their dn, so you may as well move them somewhere else!
You don't have to delete and re-create - just Move.
Frankly in OpenLDAP either approach would work fine and there would be no measurable performance difference assuming your cache and indexing are configured properly.
LDAP *is* a database. Not "general" in that it is optimized for hierarchical data instead of tabular data, but aside from that, there's no reason not to use it as a long term store. (And relational databases are by no means general either, since they are only optimal for tabular data, not hierarchical or recursive data...)
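The two ideas discussed in this thread (moving a leaver to an archive subtree, and scoping searches by base DN so a username is never reissued), as an added example that is not part of the original messages. The DNs `dc=example,dc=com`, `ou=people` and `ou=archive`, the `LDAP_OPTS` variable and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Every DN here is an assumed name, not taken from the thread.
BASE="dc=example,dc=com"
ACTIVE="ou=people,$BASE"     # searched by day-to-day lookups
ARCHIVE="ou=archive,$BASE"   # leavers are moved here
LDAP_OPTS=${LDAP_OPTS:--x}   # connection/bind options: supply your own

# Accept only a conservative username alphabet, so the value can be placed
# in a DN and in a search filter without escaping (no filter injection).
valid_uid() {
    case $1 in
        ''|*[!a-z0-9._-]*) return 1 ;;
    esac
}

# Print the LDIF for a ModifyDN that keeps the RDN and changes only the
# parent entry (newsuperior): a move, not a delete followed by an add.
archive_ldif() {
    valid_uid "$1" || return 1
    printf 'dn: uid=%s,%s\n' "$1" "$ACTIVE"
    printf 'changetype: modrdn\n'
    printf 'newrdn: uid=%s\n' "$1"
    printf 'deleteoldrdn: 0\n'
    printf 'newsuperior: %s\n' "$ARCHIVE"
}

# Apply the move on the server; nothing is sent if the uid is rejected.
archive_user() {
    ldif=$(archive_ldif "$1") || return 1
    printf '%s\n' "$ldif" | ldapmodify $LDAP_OPTS
}

# Succeeds if the uid exists under the given base (subtree scope).
# "1.1" asks the server to return no attributes, only the DN.
uid_under() {
    valid_uid "$2" || return 2
    ldapsearch $LDAP_OPTS -LLL -b "$1" -s sub "(uid=$2)" 1.1 | grep -q '^dn:'
}

uid_active()    { uid_under "$ACTIVE" "$1"; }   # frequent, small subtree
uid_ever_used() { uid_under "$BASE" "$1"; }     # rare, includes the archive
```

Run `uid_ever_used` before issuing a new account name and `archive_user` when someone leaves; the bind identity in `LDAP_OPTS` needs write access to both subtrees for the move.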