LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-02-2012, 10:09 AM   #1
kevinyeandel
Member
 
Registered: Jun 2008
Posts: 49

Rep: Reputation: 16
LDAP versus local authentication


Have been looking on google for some answers here and found various technical papers/posts but what I would like to find is some sort of tests in terms of a general speed comparison between local authentication and LDAP authentication.

Anyone else done any measuring?

Many thanks
Kevin
 
Old 10-02-2012, 10:30 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
the backend server will affect the speed a lot, depending on its load etc., I've certainly never experienced any notable issues with a correctly configured ldap server at all, although there's bound to be a few extra milliseconds in the equation here and there. Pessimistically, I'd guess an overhead of .2 second maybe?
 
1 members found this post helpful.
Old 10-02-2012, 11:03 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,990

Rep: Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316Reputation: 4316
Quote:
Originally Posted by kevinyeandel View Post
Have been looking on google for some answers here and found various technical papers/posts but what I would like to find is some sort of tests in terms of a general speed comparison between local authentication and LDAP authentication.

Anyone else done any measuring?

Many thanks
Kevin
Agree with acid_kewpie...but I'll go a bit further, and say there are FAR too many variables to ever be able to produce a valid test. For example, if you have local authentication with one hard drive, and that drive is being hammered by a fierce database query, it's going to be slower than accessing an LDAP server. If that LDAP server is a single, underpowered box on a slow network segment, being hit by 1,000 users at once...then THAT will be slower.

I'd say that under normal circumstances, the speed of either will be about the same. A typical user shouldn't notice much of a difference between the two.
 
1 members found this post helpful.
Old 10-03-2012, 01:18 AM   #4
kevinyeandel
Member
 
Registered: Jun 2008
Posts: 49

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by TB0ne View Post
Agree with acid_kewpie...but I'll go a bit further, and say there are FAR too many variables to ever be able to produce a valid test. For example, if you have local authentication with one hard drive, and that drive is being hammered by a fierce database query, it's going to be slower than accessing an LDAP server. If that LDAP server is a single, underpowered box on a slow network segment, being hit by 1,000 users at once...then THAT will be slower.

I'd say that under normal circumstances, the speed of either will be about the same. A typical user shouldn't notice much of a difference between the two.
Hi thanks guys.

Typical user is not a problem and all 3000 users are LDAP authenticated. The check password program might be used internally by the application more than we know about (its EMC/Documentum Content Server). EMC don't have an answer and their manuals are vague saying app can be installed using domain users but it seems that could only be applicable to Windows and its unclear if it will apply to Unix as the two check_password executables work very differently.

I know the company tried it with a SAP application and ended up getting a waiver from security. I think too many back end hits on the LDAP and performance generally diminished to an unacceptable extent. We want to avoid a repeat of that as it is a GxP/regulated system so a lot of paperwork.

I will recompile/wrap the check password program with logging and see how many hits/timings and as soon as I get an LDAP account I'll put some Perl round a bind or something like that and get timings from that.

Thanks for input which is most appreciated.
Kevin
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
rhel6 sssd ldap for authentication and local files for userNumber (unix uid). mwd Linux - Enterprise 1 08-22-2011 07:14 AM
[SOLVED] Apache authentication: allow LDAP group OR user named guest, but not all LDAP users AlucardZero Linux - Server 1 05-25-2011 03:21 PM
Kerberos, LDAP, THEN Local authentication? cckid Linux - Server 2 10-20-2009 01:41 PM
LDAP authentication without local account viveksnv Linux - Security 2 10-12-2009 07:39 PM
LDAP Authentication w/ Local User Information Adrian W Linux - Security 13 08-17-2004 11:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration