[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Zimbra 8.0 LDAP highlights

To: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Subject: Zimbra 8.0 LDAP highlights
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Wed, 05 Sep 2012 11:42:48 -0700
List-help: <mailto:zimbra-hied-admins-request@sfu.ca?subject=help> (List Instructions)
List-id: <zimbra-hied-admins.sfu.ca>
List-owner: <mailto:owner-zimbra-hied-admins@sfu.ca>
List-unsubscribe: <mailto:zimbra-hied-admins-request@sfu.ca?subject=unsubscribe>

Hi folks,

I wanted to note some highlights of changes in Zimbra 8.0 in relation toLDAP, prompted in part by the recent discussion on this list about ldapperformance, as some of the solutions to issues in 7.x do not apply to 8.xinstallations.

The first major change for 8.x to cover is that the java interface forconnecting to LDAP has been replaced. In 7.x and previous we use JNDI. In8.x, we have switched to using the UnboundID SDK. One of the significantdifferences between JNDI and the UnboundID SDK is that connection poolswith startTLS are supported. This means that making the following changesto localconfig are no longer necessary to improve performance:


ldap_common_require_tls = 0
ldap_starttls_required = false
zimbra_require_interprocess_security = 0

Another significant difference between JNDI and the UnboundID SDK is thatthe UnboundID SDK can actually count to 30 seconds, whereas JNDI wouldrandomly consider the span of time from 0 seconds to 1 second to be 30 fullseconds, causing read timeouts when configured to use a 30 second timeout.This timer is controlled by the ldap_read_timeout localconfig key. It cannow be used reliably with the UnboundID SDK.

There have also been some major changes to the LDAP server. The oldBerkeley DB database backend has been replaced in 8.x with the new MDBdatabase backend. MDB is a new database written by Howard Chu, who is alsothe primary OpenLDAP developer. You can read more about MDB here if youare curious: <http://highlandsun.com/hyc/mdb/>

The main implication of changing to MDB is that database configuration issubstantially less complex than with BDB. You can compare the tuning wikishere:

<https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning> (7.x andprevious tuning wiki)<https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning_8.0> (8.x andlater tuning wiki)


Also a quick comparison of the full tuning key wikis:

<https://wiki.zimbra.com/wiki/OpenLDAP_Tuning_Keys> (7.x and previoustuning keys)<https://wiki.zimbra.com/wiki/OpenLDAP_Tuning_Keys_8.0> (8.x and latertuning keys)

Finally, what is likely the largest change for LDAP in ZCS 8.x, is theadded support for multi-master replication. If this feature interests you,you can check out the wiki on configuring it at<https://wiki.zimbra.com/wiki/LDAP_Multi_Master_Replication>


Regards,
Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: multiple Mail.app instances fighting
Next by Date: Re: multiple Mail.app instances fighting
Previous by thread: multiple Mail.app instances fighting
Next by thread: No Zimbra at Educause this year
Index(es):
- Date
- Thread