Re: Broken opendkim caching of LDAP result

From: Rolf E. Sonneveld <R.E.Sonneveld_at_sonnection.nl>
Date: Tue, 08 May 2012 01:01:21 +0200

On 5/7/12 11:44 PM, Quanah Gibson-Mount wrote:
> --On Monday, May 07, 2012 11:16 PM +0200 "Rolf E. Sonneveld"
> <R.E.Sonneveld_at_sonnection.nl> wrote:
>
>> In the past I integrated Postfix with Active Directory via ldap maps,
>> without caching. The amount of LDAP queries to AD regularly gave
>> problems, as AD could not cope with the query rate. Caching would have
>> solved this problem.
>
> AD's inability to be a real LDAP server doesn't make my point any less
> valid.

It was just to give an example of a situation in which LDAP caching
might be useful.

> LDAP is designed for fast, scalable reads.

Right, and in some situations LDAP caching might aid to achieve this
design goal, just like deploying mdb, designing a LDAP topology with
LDAP masters and read-only replica's to spread the load of reads and
writes etc. Suppose you have a customer using OpenDKIM to sign millions
of messages a day for only a handful of d=domainname's. Why not use LDAP
caching in this scenario? I'm glad we have a choice. Now the next
question is: what are the LDAP caching characteristics within OpenDKIM
and what can be tuned/tweaked?

/rolf
Received on Mon May 07 2012 - 22:53:52 PST