[Fedora-directory-users] Contemplating an upgrade to Fedora DS 1.1

Jeff Tharp jtharp at esri.com
Wed Jan 16 04:38:21 UTC 2008 

I am looking into the feasibility of upgrading the LDAP backend used for
authentication on many of our web sites (roughly 300K users).  Currently
we are using FedoraDS 1.0.2 running on RHEL 4 in a multi-master
configuration of two nodes configured as a high-availability cluster
using Heartbeat from the Linux-HA project.  My underlying database is
Berkeley DB 4.2.52.  My goal would be to upgrade to FedoraDS 1.1 running
on RHEL 5.1.  I have managed to complete the initial installation on my
test system and so I'm now digging into the details of the migration.

Some questions that have come up:
1. RHEL5.1 ships with Berkeley DB 4.3 and I noticed a note that this has
been found subpar for production use in large environments.  Should I
consider reverting back to Berkeley DB 4.2.52 or should I look into
installing Berkeley DB 4.5 or 4.6?  If I installed the FedoraDS 1.1 fc6
binary packages, do I need to be worried that these were built against a
specific Berkeley DB version?

2. Most of the migration notes I see on the site mention migrating from
1.0.4 to 1.1.  Is it necessary to migrate our current 1.0.2 install to
1.0.4 as an intermediate step to upgrading to 1.1?  Or should the 1.0.4
migration steps be sufficient?

3. Previously, we had separate physical filesystems for / and /opt, so
that the directory server files were separated from the system files.  I
understand that in FedoraDS 1.1 the decision has been to standardize the
pathing so this is no longer feasible.  If I still wanted at least the
instance-specific files (or at least the instance-specific database
files) to be in a separate filesystem, say /data, what would be the
recommended way of accomplishing this?  Or should I just go crazy with
symbolic links to accomplish the structure I want? :-)

I greatly appreciate any advice you can provide regarding these
questions.  I must say that we originally deployed FedoraDS 1.0.2 two
years ago to replace a much older OpenLDAP 2.0 implementation and have
generally been happy with both its performance and stability.

Thanks,
Jeff Tharp
System Administrator
ESRI - Redlands, CA
http://www.esri.com

More information about the Fedora-directory-users mailing list