Announcement: No further ldap backend development

Antworten
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3319
Registriert: 04 Jun 2008, 14:27

Announcement: No further ldap backend development

Beitrag von d.oertel »

Dear opsi user,

since over 4 years (opsi 3.0) opsi supports LDAP as one possible backend. Over this time we got a lot experience in development and maintenance of this backend. Based on this experience we give in our opsi trainings for some time past the recommendation to not use this backend.

The major reasons are:

- A LDAP based data storage is good fast access to distributed and slow changing data. LDAP is not designed for a effective storage fast changing data. opsi changes the data set very often (for example changes every web service contact from a client to the server the clients data set).

- LDAP is often used as distributed data storage.
opsi needs even if it used distributed locations, only a central data storage at the opsi config server. Using LDAP as opsi backend triggers on every data change a replication process of these changed data to the other LDAP locations. At these other locations the opsi data is not needed, so we have a lot of senseless network traffic. And for basic security principles the opsi data should only be stored where it is needed.

Since opsi 4 we have with the mysql backend, a backend which has a better performance for large installations than the LDAP backend.
Based on our experience we see that the maintenance of the LDAP backend is costs us more than for the other backends.

Based on this background we have decided to do not make a further development of the opsi LDAP backend.

For any opsi LDAP backend user mean this:

For any combination of opsi 4.0.1 and Linux distribution you run the LDAP backend it will go on working (we do not switch off anything).

In any case of future extensions of opsi which needs any changes or extensions at the data storage, these changes will not be done to the LDAP backend. (And in fact this is also not a really new idea, because you still need the mysql backend for license management and the opsi WAN extension).
So the LDAP backend will be discontinued at the next major version of opsi which will come again with a lot of data structure changes. But this will take a long time from now because we didn't have even started the work on the next major release.

For any new Linux distribution release where changes at LDAP backend are needed, we will not support the LDAP backend on this new release.
As far as we know the first distribution which is affected by this policy, is the next major release (3.0) of the Univention Corporate Server. In such a case you should switch to the file or mysql backend before your distribution upgrade.

We hope you agree with this decision.

For any comments you are invited to make post in this thread.

With kindly regards

detlef oertel
opsi support - uib gmbh

For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
Benutzeravatar
bilbo-the-hobbit
Beiträge: 17
Registriert: 10 Nov 2010, 17:46

Re: Announcement: No further ldap backend development

Beitrag von bilbo-the-hobbit »

Hello,

i'am sorry to not having responded before but work keep pilling :)

I think we need a full ldap backend for opsi. Its needed because lots of company / university /school use that as a backend.

I have not a clear view exactly on how to make it better, because i'am only rereading the schema now, but we can modelize what we have now in a lab and come back in december with some proposal how to make it better.

But not later than tonight i was discussing with a heavy user of opsi and you know what :) it was using the ldap version.

Have a good night
Représentant Officiel OPSI Francophone
www.opensides.eu official technology partner
Antworten