LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   LDAP versus local authentication (https://www.linuxquestions.org/questions/linux-newbie-8/ldap-versus-local-authentication-4175430068/)

kevinyeandel 10-02-2012 10:09 AM
LDAP versus local authentication
 
Have been looking on google for some answers here and found various technical papers/posts but what I would like to find is some sort of tests in terms of a general speed comparison between local authentication and LDAP authentication.

Anyone else done any measuring?

Many thanks
Kevin

acid_kewpie 10-02-2012 10:30 AM
the backend server will affect the speed a lot, depending on its load etc., I've certainly never experienced any notable issues with a correctly configured ldap server at all, although there's bound to be a few extra milliseconds in the equation here and there. Pessimistically, I'd guess an overhead of .2 second maybe?

TB0ne 10-02-2012 11:03 AM
Quote:
Originally Posted by kevinyeandel (Post 4794997)
Have been looking on google for some answers here and found various technical papers/posts but what I would like to find is some sort of tests in terms of a general speed comparison between local authentication and LDAP authentication.

Anyone else done any measuring?

Many thanks
Kevin
Agree with acid_kewpie...but I'll go a bit further, and say there are FAR too many variables to ever be able to produce a valid test. For example, if you have local authentication with one hard drive, and that drive is being hammered by a fierce database query, it's going to be slower than accessing an LDAP server. If that LDAP server is a single, underpowered box on a slow network segment, being hit by 1,000 users at once...then THAT will be slower.

I'd say that under normal circumstances, the speed of either will be about the same. A typical user shouldn't notice much of a difference between the two.

kevinyeandel 10-03-2012 01:18 AM
Quote:
Originally Posted by TB0ne (Post 4795044)
Agree with acid_kewpie...but I'll go a bit further, and say there are FAR too many variables to ever be able to produce a valid test. For example, if you have local authentication with one hard drive, and that drive is being hammered by a fierce database query, it's going to be slower than accessing an LDAP server. If that LDAP server is a single, underpowered box on a slow network segment, being hit by 1,000 users at once...then THAT will be slower.

I'd say that under normal circumstances, the speed of either will be about the same. A typical user shouldn't notice much of a difference between the two.
Hi thanks guys.

Typical user is not a problem and all 3000 users are LDAP authenticated. The check password program might be used internally by the application more than we know about (its EMC/Documentum Content Server). EMC don't have an answer and their manuals are vague saying app can be installed using domain users but it seems that could only be applicable to Windows and its unclear if it will apply to Unix as the two check_password executables work very differently.

I know the company tried it with a SAP application and ended up getting a waiver from security. I think too many back end hits on the LDAP and performance generally diminished to an unacceptable extent. We want to avoid a repeat of that as it is a GxP/regulated system so a lot of paperwork.

I will recompile/wrap the check password program with logging and see how many hits/timings and as soon as I get an LDAP account I'll put some Perl round a bind or something like that and get timings from that.

Thanks for input which is most appreciated.
Kevin


All times are GMT -5. The time now is 07:25 PM.