"389-DS (Red Hat Directory Server) is the production choice for >1M entries — purpose-built for large directories with a dedicated replication engine" https://linuxcent.com/tag/openldap/

Pure BS. #OpenLDAP serves millions of queries per second with DBs with over a billion users. 389DS doesn't even manage 1/10th of that.

389DS's /RedHatDS's underlying tech was so outdated they had to abandon it all and adopt OpenLDAP's libraries just to stay functional. Their core server is still garbage even with that.

When other servers were advertising sub-second response times #OpenLDAP was already delivering microsecond response times. We had to update our libraries to use nanosecond resolution timestamps because we're now delivering sub-microsecond performance. Years ahead of *everyone* else in the computing industry. Anyone claiming a better scaling/performance story than OpenLDAP is outright lying.

* We broke the microsecond barrier back in 2015: https://lists.openldap.org/hyperkitty/list/[email protected]/thread/KLNMUTAI2VF4GUVPR7XJATSOT4PQ7WYC/#OHN3EDU5ZWJFABLFKODT2MEF36WGXSXQ

Re: openldap.git branch master updated. 2d5996ac603391ddbd618425f88eb13e5e0e2cc0 - openldap-devel - openldap.org

The only reason FreeIPA uses 389DS instead of OpenLDAP is because RedHat paid $25M to acquire Netscape's assets and they needed to protect their investment from being cannibalized by OpenLDAP. That's also why they explicitly rejected the OpenLDAP Project's contribution of patches to support OpenLDAP in FreeIPA.

Not because OpenLDAP lacked the necessary features or performance. Because they knew nobody would use their decrepit old server if given a choice. https://mastodon.social/@hyc/115834028708458926

Fyi, the email thread where using OpenLDAP for FreeIPA was discussed appears to have been scrubbed from Red Hat's email archives. A reference to it is here in 2009 https://lists.openldap.org/hyperkitty/list/[email protected]/message/PJ3AEDS42JWGM2CJRNSQB4VUCN2WDKWS/ but RedHat's own archives only go back to 2017 now.

One reason we still prefer email lists in the OpenLDAP Project is knowledge is shared and preserved indefinitely. The whole point of open source is sharing knowledge. I guess Red Hat doesn't care about that, either.

Member-of plugin support for nested membership - openldap-technical - openldap.org

Ah, archive.org still has most of it. https://web.archive.org/web/20190727013018/https://www.redhat.com/archives/freeipa-devel/2009-June/msg00300.html

"Pros on OpenLDAP:
* It'll make FreeIPA more "standard"
* It'll help adding better support on other LDAP implementations
* Shorter TTM for having "FreeIPA Server" in Ubuntu

Cons on OpenLDAP:
* It'll lower the need for 389DS
* Some features available in 389DS will be missing (and when available
they won't be so stable)"

Re: [Freeipa-devel] Ubuntu interests in FreeIPA

@hyc IIRC, there were two problems: spammers flooded community mailing lists to the point that it was almost impossible to handle that, and the second issue was migration of Red Hat's mailing lists off mailman to another platform. We ended up migrating mailing lists to Fedora's mailman. To date, freeipa-users@ is in the top three most active mailing lists in the Fedora community. Loss of original archives was a sad history.

@abbra I can understand how the spammer issue could cause problems but... we've migrated OpenLDAP's mailing list systems twice between then and now, and we still migrated all the archives each time. Without preserving that shared knowledge you lose the ability to understand how you got where you are today.

@hyc the archives were available until recently...