On Fri, 16 Mar 2012 22:07:36 +0200, Nick Milas nick@eurobjects.com wrote:
> we are replicating locally and applications connect using: ldap://localhost.
> We are considering using ldapi://localhost instead.
ldapi://<URL-escaped socket filename>. See '-h' in man 8 slapd.
> Would there be any performance / reliability pros/cons?
Should be pro, if there is a difference.
Performance: The knowledge that transmitted data was always in your system's memory might drill deeper into caching/buffering policies.
Reliability: I don't know of any difference.
Security: In addition to ordinary slapd ACLs, you can use filesystem permissions to control access, and most systems let you Bind with SASL/EXTERNAL to get a Bind DN based on the client process' uid/gid.
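
An added example, not part of the original message: it builds the URL-escaped ldapi:// URI the reply describes, derives the identity OpenLDAP assigns to a SASL/EXTERNAL bind over ldapi, and reads the socket's mode bits to show who the filesystem lets connect. The socket path /var/run/ldapi is a constructed sample (the real path depends on the slapd build and its -h option), and the permission reading assumes Linux semantics, where connecting to a Unix socket requires write permission on the socket file.

```python
import os
import stat
from urllib.parse import quote, unquote

SAMPLE_SOCKET = "/var/run/ldapi"  # constructed sample path, not from the thread


def ldapi_uri(socket_path):
    """Return the ldapi:// URI for a socket path; every '/' becomes %2F."""
    return "ldapi://" + quote(socket_path, safe="")


def socket_path_from_uri(uri):
    """Recover the filesystem path from an ldapi:// URI."""
    if not uri.startswith("ldapi://"):
        raise ValueError("not an ldapi URI: %r" % uri)
    return unquote(uri[len("ldapi://"):])


def peercred_dn(uid, gid):
    """Identity slapd derives for SASL/EXTERNAL over ldapi from peer uid/gid."""
    return "gidNumber=%d+uidNumber=%d,cn=peercred,cn=external,cn=auth" % (gid, uid)


def connect_scope(st_mode):
    """Describe who may connect, judged by the write bits on the socket file."""
    if not stat.S_ISSOCK(st_mode):
        raise ValueError("not a Unix domain socket")
    if st_mode & stat.S_IWOTH:
        return "any local user"
    if st_mode & stat.S_IWGRP:
        return "owner and group"
    if st_mode & stat.S_IWUSR:
        return "owner only"
    return "privileged processes only"


if __name__ == "__main__":
    print("URI:           ", ldapi_uri(SAMPLE_SOCKET))
    print("EXTERNAL as me:", peercred_dn(os.getuid(), os.getgid()))
    try:
        st = os.stat(SAMPLE_SOCKET)
        print("mode:          ", stat.filemode(st.st_mode))
        print("connect scope: ", connect_scope(st.st_mode))
    except (FileNotFoundError, ValueError) as exc:
        print("socket check skipped:", exc)
```

A scope of "any local user" means the slapd ACLs written against the peercred DNs are the only access control in effect; tightening the socket's mode and group narrows who can reach the listener at all.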