On 1/15/08, Richard Chycoski wrote:
Compared to what? AD is one of the *fastest* LDAP servers at delivering this kind of authentication data (individual entries from around 200-300k entries, for example), and since Windows 2003 even does a passable/ respectable job of delivering large-directory data (larger entries from millions of records) if you configure it for that kind of data retrieval.
Howard knows this better than anyone, since he is the "Chief Architect, Developer" for OpenLDAP but may not feel like he can beat his own chest on this topic, I would like to point out the pages at <http://www.openldap.org/doc/admin24/appendix-changes.html#Performance%20enhancements>, as well as the presentation at <http://www.openldap.org/pub/hyc/scale2007.pdf>. In the PDF slides, pay particular attention to pages 25 and 39, as well as the additional data at <http://www.symas.com/benchmark.shtml>.
Unless you can prove that your software can search over 500k entries per second at a data rate of about 3.5GB/sec on a machine with a memory bandwidth of about 4GB/sec, I wouldn't be touting the performance of your preferred software as one of the reasons to choose it over anything else.
Your preferred software may have features like better Windows integration, but it most likely does not have higher performance when compared against more recent versions of OpenLDAP.
-- Brad Knowles <brad@xxxxxxxxxxxxxxxxx> LinkedIn Profile: <http://tinyurl.com/y8kpxu>