17 September 2007 - 10:03Gee, that'd be nice to have...
A query came up on the Fedora Directory Users mailing list about dynamic groups. Since dynamic groups have come up again recently in the IETF LDAP Extensions mailing list, I chimed in with some tips, also pointing out that OpenLDAP was already engaged in this work. The fellow making the query then came back and said essentially "gee, I see this other cool overlay in OpenLDAP, it'd be nice to have that in FDS too." Yes, wouldn't it. But what's the point of trying to make FDS more like OpenLDAP, when you could just be running OpenLDAP?A few months back Andrew Bartlett from the Samba team was pushing the FDS guys to implement ldapi:// support, based on the OpenLDAP implementation. Again, trying to make FDS more like OpenLDAP.
Fact is, there's a slew of features in OpenLDAP that have been working fine there for ages, that other people are just beginning to think about. And OpenLDAP's software architecture makes it trivially easy to add more features, without any performance overhead.
This is the real point that people seem to have missed. I've taken some flack for crowing so much about OpenLDAP's performance. "Speed isn't everything." Of course it's not. Correctness comes first, of course - like in music, speed without accuracy is just noise. We're not here to make noise... But efficiency *is* important. OpenLDAP is deep infrastructure code; huge complex systems are built on top of it. You need a platform that's both rock solid and lightning fast, because the inevitable complexity that you layer on top of it is going to take its own share of resources, bringing the overall system performance down.
On any given hardware, OpenLDAP is consistently over 3 times faster than FedoraDS. Yes, you can write SLAPI plugins to duplicate the functionality of OpenLDAP overlays. But as you grow more and more dependent on all of these extensions, you're going to find performance to be abysmally slow, because no matter how carefully you code your plugin, you're attaching it to a platform that itself is a hulking wreck.
Speed isn't everything. Agility, flexibility, resilience, reliability are all important. But they all benefit from efficiency. And that's not something you can just add to a piece of software. You have to build it in from ground zero.
Eventually, a dedicated team of brilliant developers might put in the man years of work needed to turn FDS into a decent platform. But by then, OpenLDAP will be another several light years further beyond. Because we put in the hard foundation work years ago, adding features now is trivially easy, and more and more contributions from the community keep coming in.
I gave a few presentations last year that concluded with "OpenLDAP is the only directory software that matters." This is the crux of it: For the past several years, the OpenLDAP Project has literally been setting the standard for LDAP, developing ideas, turning them into working code and publishing those ideas as IETF specifications. We've been defining the protocol and developing the definitive implementation of it. Everybody else is just trailing behind...
one comment:
http://www.saleveling.com http://www.power-leveling-game.com
No trackbacks: