openstack team mailing list archive
Mailing list archive
Re: Redis vs OpenLDAP?
Can you be more specific about 'slapd showing problems under load'?
On Wed, Oct 6, 2010 at 4:26 PM, Joshua McKenty <jmckenty@xxxxxxxxxxxx> wrote:
> Be careful taking Jay's word as canonical - there's been no official
> decision to "remove redis", simply a decision to support an alternate,
> SQL-backed ORM system. It's a topic for the upcoming design summit, as far
> as I know.
> But for user auth, yeah - LDAP is the intended protocol and solution
> (although slapd has been showing problems under load.)
> On Wed, Oct 6, 2010 at 5:35 PM, Mika Kohonen <mika.kohonen.1986@xxxxxxxxx>
>> Thank you. I will get rid of Redis.
>> On Wed, Oct 6, 2010 at 3:22 PM, Jay Pipes <jaypipes@xxxxxxxxx> wrote:
>> > On Wed, Oct 6, 2010 at 10:32 AM, Mika Kohonen
>> > <mika.kohonen.1986@xxxxxxxxx> wrote:
>> >> Hi all,
>> >> I'm having a look at the Nova platform and I must admit I'm impressed.
>> >> I'm testing different configurations and I don't understand what are
>> >> exactly the benefits of using Redis vs OpenLDAP.
>> > Don't think too much about it :) Redis is being entirely removed.
>> >> The default configuration is Redis based, but from a classic system
>> >> administrator perspective, OpenLDAP is much more mature and I know
>> >> about it, but Redis is new, looks sexy, but I don't know if it's worth
>> >> to use it instead of OpenLDAP.
>> > OK, so right now there is a FakeLDAP driver that uses Redis to store
>> > LDAP DNs. This is being rewritten to remove the Redis dependency.
>> > The real LDAPdriver in /nova/auth/ldapdriver.py uses the plain old
>> > python-ldap module to connect to a real LDAP store. Whether you use
>> > OpenLDAP or some other LDAP driver under the covers is completely up
>> > to you. :)
>> >> Thinking in the long term, can you give some hints about the roadmap
>> >> of Nova and if I should go with Redis instead of OpenLDAP?
>> > See above. It's not about Redis vs. OpenLDAP. :) AFAIK, Nova uses
>> > slapd (the OpenLDAP LDAP daemon) as the default LDAP daemon if you
>> > don't use the "faked" LDAP driver.
>> > -jay
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp