One of the changes my beta testers are testing is switching from NIS to LDAP for login/auth/homedir lookups; all is working perfectly, Dovecot + PAM/nss_ldap is A-OK. No issues here, we've been using LDAP lookups on other servers for years.
I'm wondering about load, specifically whether, when I switch the entire company over, the new authentication load will stress my LDAP server to the point of breaking.
A) Does anyone here have some numbers or experience in this switch that could lend some real-world advice? We're talking maybe... 50 people with large (numerically, not gig-age) mailboxes, and Thunderbird seems to open 4-5 connections per client based on the logs.
B) Would anyone advise that I run a slapd slave directly on the main Dovecot server to alleviate load? Is this overkill and I shouldn't worry about it?
Mainly what has me concerned is that on the Dovecot machine, I'm getting a number of entries in the messages that look like:
dovecot-auth: nss_ldap: reconnecting to LDAP server...
dovecot-auth: nss_ldap: reconnected to LDAP server after 1 attempt(s)
No failures ever, it all just works. But still this tickles my brain that maybe it'll need more robustness come production time.
Thanks for your feedback,
-te
--
Troy Engel | Systems Engineer
Fluid Inc. | http://www.fluid.com