Re: Advantages of MySQL and LDAP

From: Tony Earnshaw (no email)
Date: Wed Dec 01 2004 - 06:45:48 EST


Tue, 30.11.2004 at 21.11, Charles Quesenberry wrote:

> >MySQL is easy to use however it is a memory hog.
> >
> >What I do is use MySQL to manage/create/delete mail accounts and I have a
> >script that builds the equivalent HASH tables from the MySQL.. that way I get
> >the ease of MySQL without Postfix using it directly.. (Postfix uses the hash:
> >(.db) files generated FROM the MySQL tables instead.)
> >
> >-matt

I choose LDAP for postfix because I use it network-wide (replicated or
SSL queries to a master or slave directory) as a single source for
password and relevant authentication information.

As far as security is concerned, no-one's mentioned Unix sockets, which
both SQL (MySQL at least) and OpenLDAP can use. No TCP traffic, if a
master or slave directory is present on the same server.

> I like your solution. I am somewhat embarrassed that I didn't see it.
>
> Using my areas of particular importance, your solution breaks down like
> this:
> 1. security - hash files
> 2. reliability - hash files
> 3. ability to scale - hash files (same script or variant of script on
> multiple servers all querying the same mysql db server, *or* use rsync
> and/or nfs)
> 4. ease of administration - mysql database
> 5. performance - hash files
>
> I personally can't find a flaw in your solution.

See Victor's and Magnus' caveat.

> It's hard to argue
> that anything offers better reliability or performance than a hash
> file. Some may argue that you can get more finite control wrt security
> using MySQL or LDAP, but for an ISP I don't think that level of finite
> security is required. Not 100% sure if hash files can scale as well as
> LDAP or MySQL, but I think they may be able to.
>
> You proved that the best solution is often the simplest solution. A
> fact I somehow managed to forget.

I'd dispute the fact that a heterogeneous solution is the simplest ;)

> Just for the record, I am logging your LDAP vs MySQL input as:
> 1. security - no comment
> 2. reliability - no comment
> 3. ability to scale - no comment
> 4. ease of administration - the nod goes to MySQL
> 5. performance - the nod goes to LDAP

For LDAP on my Postfix servers:

1: security: LDAP with Unix socket to slapd
2: reliability: LDAP - but only the latest, stable OL versions (2.2.15
and greater)
3: ability to scale: Stanford University has 300,000 email accounts with
9 LDAP servers
4: ease of administration: LDAP - depending on how you administrate it
;)
5: performance: if it's Postfix 2.1 hash probably has the upper hand,
but LDAP with proxymap and a Unix socket to slapd on each server should
probably give you 2-300 operations per second, depending on your OS
(this is Stanford University info).

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...
mail: 
http://www.billy.demon.nl
 
They love us, don't they, They feed us, won't they ...
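
The export approach from the quoted text (MySQL for administration, hash: files for Postfix lookups), as an added example that is not part of the thread and is not any poster's script. It assumes the rows have already been fetched from MySQL as (key, value) pairs; the function names, the `.in` staging suffix and the sample addresses are hypothetical, and the build-then-rename step is one common way to swap a Berkeley DB map without Postfix reading a half-written file.

```python
import os
import subprocess


def render_map(rows):
    """Turn (key, value) rows into Postfix map source text, rejecting unsafe rows."""
    seen, lines = set(), []
    for key, value in rows:
        key, value = key.strip(), value.strip()
        # The key must be one token: whitespace separates key from value,
        # and a leading '#' would turn the line into a comment.
        if (not key or key.startswith("#")
                or any(c.isspace() or ord(c) < 32 for c in key)):
            raise ValueError(f"unsafe lookup key: {key!r}")
        # A newline inside a value would inject an extra map entry.
        if not value or any(c in value for c in "\r\n\0"):
            raise ValueError(f"unsafe value for {key!r}")
        if key in seen:
            raise ValueError(f"duplicate key: {key!r}")
        seen.add(key)
        lines.append(f"{key}\t{value}\n")
    return "".join(sorted(lines))


def publish(rows, target, run_postmap=True):
    """Write target + '.in', build it with postmap, rename over target + '.db'."""
    text = render_map(rows)  # validate every row before touching disk
    staging = target + ".in"
    # Requested mode 0640 (subject to umask) so the map is not world-readable.
    fd = os.open(staging, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    if run_postmap:
        # postmap writes staging + '.db'; check=True aborts before the swap.
        subprocess.run(["postmap", "hash:" + staging], check=True)
        os.replace(staging + ".db", target + ".db")  # atomic on one filesystem
    return staging


if __name__ == "__main__":
    # Constructed sample rows standing in for the result of a MySQL query.
    sample = [("bob@example.com", "example.com/bob/"),
              ("alice@example.com", "example.com/alice/")]
    print(render_map(sample), end="")
```

Because validation runs before anything is written, a single bad row in the database leaves the previous `.db` file in place and Postfix keeps answering from it.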






