[Kolab-devel] [issue2498] slapd.access dont scall well over 50 domains

[Fabio Pietrosanti (naif)]

This is a very very bad scalability issue.

Does the Alain Kolabd's patch fully fix the issue?

The "domain lists" are written in imapd.conf, in slapd.conf, in main.cf  .

I think that we should make some stress tests in order to create some 
million users with 100k domains in order to see where are the limits of 
the kolab system.

Imho kolab could very well scale also for a service provider usage, easy 
to be setup, it's just a matter of fine tuning all the place that 
prevent the system from scaling.

Then we used in production with +80.000 users .

If we will be able to use it also with a very high number of domains we 
will be able to suggest kolab use also for service providers that are 
willing to provide to their users services like "Hosted Exchange" but 
providing "Hosted Kolab" .

Alain Spineux wrote:
> New submission from Alain Spineux <alain.spineux at gmail.com>:
>
> The way slapd.access is generated by kolabconf,
> dont allow more than about 50 domains.
>
> This is because openldap don't allow access rules
> bigger than 8192 chars.
>
> I wrote a patch to split the first rules, one domain at
> a time. I use "break" and "stop" keyword.
>
> The main problem is that openldap segfault if the rule
> is >8192 char !
>
> Here is the result 
>
> # Access to domain groups
> access to dn.children="cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
>         by
> group/kolabGroupOfNames="cn=admin,cn=internal,dc=eg01,dc=emailgency,dc=loc" write
>         by
> group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=eg01,dc=emailgency,dc=loc"
> write
>         by dn="cn=nobody,cn=internal,dc=eg01,dc=emailgency,dc=loc" read
>         by * break
>
> # Access to domain groups continue
> access to dn.children="cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
>         by
> group/kolabGroupOfNames="cn=eg01.emailgency.loc,cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
> read
>         by * break
>
> # Access to domain groups continue
> access to dn.children="cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
>         by
> group/kolabGroupOfNames="cn=mydomain.loc,cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
> read
>         by * break
>
> # Access to domain groups continue
> access to dn.children="cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
>         by
> group/kolabGroupOfNames="cn=alpha.loc,cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
> read
>         by * break
>
> ... some more domain definitions ...
>
> # Access to domain groups end
> access to dn.children="cn=domains,cn=internal,dc=eg01,dc=emailgency,dc=loc"
>          by * search stop
>
> ----------
> files: kolab-2.2rc1-slapd-access-split-domain.patch
> messages: 13785
> nosy: alain.spineux at gmail.com
> priority: bug
> status: unread
> title: slapd.access dont scall well over 50 domains
> topic: server
> ___________________________________________________
> Kolab issue tracker <kolab-issues at intevation.de>
> <https://www.intevation.de/roundup/kolab/issue2498>
> ___________________________________________________
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel