LDAP Accounting

Phil Mayers p.mayers at imperial.ac.uk
Tue Dec 11 13:03:54 CET 2012

On 11/12/12 11:31, Kostas Kalevras wrote:

> It's not an abuse but mainly not 'best-practice'. A well configured LDAP

I hate that phrase. No offence, but it's often used as a substitute for 
critical thinking.

*Everything* that is best practice eventually... isn't. And usually, it 
turns out that the "new" best practice was around for ages before anyone 
realised it.

Case in point: RADIUS is used for things which the original designers 
couldn't have anticipated, and for which, arguably, it's not terribly 
well designed. But it *works*.

> server with enough cache memory will be bottlenecked by memory and
> network speed and not by underlying I/O. A frequent writes strategy
> invalidates most of these performance gains since an entry write will
> invalidate entry and database cache entries.

Really? Why?

LDAP doesn't provide MVCC semantics. As far as I can see, an LDAP update 
contains all the information required to update (not invalidate) in-RAM 

To be clear: I don't use LDAP for data storage. I dislike it's data 
model, and the data typing in particular. But I don't see any reason it 
should be consigned to the "read-mostly" bin on a *theoretical* basis.

More information about the Freeradius-Devel mailing list