Scalability / Users on Domain

Hello,

I have a client that would really like the back end for their user system to be based on the linux system, rather than storing user passwords in a database & having a separate permissions system from linux, etc.

I’m quite sure that there could be arguments against this, but they pay the bills and have their reasons for wanting this. I understand the reasons – they want all of the users to have FTP access, and quota limits, etc.
Writing a new system to allow and track those things is an unnecessary expense IF the existing system is scalable enough to handle things.

So… looking at about 20,000 users that would be immediately imported into the system. Additional users would be added through scripting and the Virtualmin API. The same with changes to quotas or password changes.

Are Virtualmin, and related systems within Linux (currently using CentOS x64) going to handle that without slowing to a crawl?

For the purposes of this query, let’s assume that CPU power and memory are no object. Right now the system is a VM on a dual quad-core xeon, with 4 cores and 16GB memory allocated to it. It spends most of it’s time just sitting there, being idle. I can see disk power being a problem at some point - we need a fair amount of storage space - and enterprise class fast drives are fairly expensive right now. I’ll cross that bridge when we need to.

Any thoughts, or folks that have experiences with over 10k users on a virtualmin domain?

Well, I don’t personally have experience with a system containing that many users, I’ll ask Jamie for some input.

But out of curiosity – is it an option to use LDAP for storing users – which would allow for FTP access, quotas, and the like?

We generally discourage LDAP, unless one is dealing with tens of thousands of users… which you just so happen to be looking at :slight_smile:

-Eric

Sorry for the delayed reply; I got caught up in other parts of the project and am now returning to how the client would like to do user authentication.

LDAP sounds like it would be an option; of course what I know about LDAP would fit in a thimble, unfortunately.

I did do some testing on this, and have found that at about 6000 users or so, the Virtualmin API does slow down quite a bit when creating users & resetting passwords. At 10k users, it’s pretty slow. Slow enough that the average person signing up would get bored and think that something has gone wrong. Authentication via IMAP or FTP is a bit slow (though not awful) at that point too. The test machine is currently a 4-Core Xeon w/ 8GB memory, with a 10k SAS drive. It could be better, but it’s better than many I’ve worked with.

I looked at the possibility of some other remote authentication API, but that presents a few different problems - part of the idea of putting this on Virtualmin would be using an established, trusted method of user authentication. The second part, of course, was to have the FTP access & quota limits built in. Going to a 3rd party solution, I would have to code the user limits and file access myself.

So, that said, I’m thinking I will need to look into LDAP, and into convincing the client that the change is needed. I’ll look through the docs for anything on LDAP that can point me in the right direction. Thank you very much for the suggestion.