LDAP user limitation.

Latest response

Dear all,


I wanted to implement OpenLDAP as my Primary Domain Controller(PDC) authentication. My query is, how many users can be added to that domain. I found somewhere that, I can not allocate more than 1500 users in single PDC. Is it rue? My believe, I will get a clear replay from you guys about the users limitation. Thanks in advanced.




That sounds like a legacy Microsoft Windows NT4 and 2000 AD Best Common Practice (BCP), and nothing to do with OpenLDAP.


Back before AD came out, the Netscape iPlanet lineage (aka RHDS/389) could do tens of thousands of user objects, easily.  I know OpenLDAP has been used for such as well.  They are based on the same Michigan LDAPv3 code as AD as well.


However, the NTdom/AD functionality has many other RPC operations that cause most other exchange and issues though.  That's where the limits come from, regardless of implementation.

Also understand OpenLDAP is *NOT* an PDC/AD replacement.  That is also the case with even RHDS (or Fedora's 389), let alone Enterprise Identity Management in EL6.1 (or FreeIPA 2.x) -- all based on the iPlanet lineage.


The only "direct replacement" for AD is Samba4.  However, one can setup Samba as a legacy NTuser domain (NT4-style) PDC, with or without LDAP, and even support the Kerberos SSPI with Kerberos and LDAP as a limited store.  But it's still not a full AD replacement as I understand it.

I don't know what the current argument of Samba4 v. Samba3+OpenLDAP setups though.  That should be explored.  I know several people I know are enjoying Samba4 for as a PDC replacement without absolutely full AD functionality, and prefer it instead of the prior, manual Samba3+OpenLDAP setup.


I.e., as I understand it, Samba4 at least does it "as good" as the Samba3+OpenLDAP.  But I don't have the experience to make a hard recommendation.


-- Bryan


P.S.  Samba4 (for Windows client) with password sync to EntID/IPA (for UNIX/Linux clients) is a powerful, enterprise solution with multi-master replication and Kerberos on both ends.

Dear Bryan Smith,


Thank for sharing wonderfull thought. can you guide me? I want to integrate rhds with samba as a pdc. But I am not getting a good tutorial. If you spread your hand will be very much helpfull to me.

samba pdc with RHDS backend

How do I configure a Samba PDC in Red Hat Enterprise Linux 5?

Setting up a Samba PDC with an LDAP backend

Hi Shyfur,



Found this in my favorites of Firefox.

http://www.mrp3.com/windows-to-unix-samba.html is a nice starter tutorial.



Kind regards,



Jan Gerrit Kootstra