On Mon, Jul 09, 2007 at 01:44:31PM -0400, Matthew K Poer wrote:
> On Monday 09 July 2007 1:27 pm, Roberto C. Sánchez wrote:
> > On Mon, Jul 09, 2007 at 03:10:18PM +0200, Michelle Konzack wrote:
> > > On 2007-06-23 23:13:57, Till Wimmer wrote:
> > > > Hello,
> > > >
> > > > I'm running a server for several customers using cyrus/IMAP, sendmail,
> > > > apache2 and ssh.
> > >
> > > All four can authenticate against PAM!
> > >
> > > ...and since PAM can use MySQL...
> >
> > I wouldn't use MySQL. LDAP is much better.
>
> Why? Is it faster? Easier? What?
> (I am setting this sort of thing up in the near future).
>

Without getting into the reasons why MySQL specifically sucks, a directory is generally more suited to something like that than a database. With LDAP, you can split your directory if necessary and have a forest of servers. So, if you have a company with three branch offices, you can have each branch office serve a directory of its "local" users and then have a master LDAP server which knows which subordinate servers are out there.

Additionally, replication using slurpd is very nice. I know that MySQL and PostgreSQL both support replication; however, the real advantage that LDAP gives is that it is specifically optimized for few writes and *many* reads (which is what an authentication store will need to do).

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com