Question

Does TWiki scale for really large environments - say a University?

We would like to enable all of our users to access TWiki - which also means all of our students.

I am not afraid that there will be too many topics added by users - most users will probably never add something to the wiki.

But I think adding the users is a problem. We will use LDAP authentication. But the way this is integrated in TWiki and because of our naming schemes (we do not want the users to select their own names but want to set them) it seems best to populate the the users' data in advance.

But if we do this, we end up with maybe 20.000 user topics ... PeterThoeny says that many hundredes of users are no problem (CopingWithThousandsOfUsers). However, he also states that 10.000 topics are too many (HowManyTopicsAreTooMany) - but that's what you get with so many users. His statement was for ext. Is this still true for ext3?

(I tend to go with the default as this is most often the best tested solution. Therefore I tend to use ext3 on Linux (which I will probably use for TWiki). But if anyone thinks it would be better to use another filesystem, I would be very interrested in this. I could also use Solaris instead if this helps ...)

Here is what I plan to do:

• validate using LDAP
• populate TWiki with the existing accounts
  • create the users' wiki pages
  • map the login name to a WikiName using LoginNameAliasesPlugin (or maybe have a look at TWiki::Users::TWikiUserMapping?)
  • create (several hundred?) groups
  • add each user to at least 1 group
  • maybe create a weblog for each user

Technically this seems the easiest way to achive what we want. But I am not sure if TWiki scales for so many registered users ...

If not, we might have to look at how to automatically (without any user interaction, so TWikiLdapRegistration does not work for us; RegistrationOnDemandHack seems a bit closer) register users when they log in for the first time. But I a m reluctant to do this, as for what I read on this site, this seems to be quite some work, and more TWiki changes are to be expected in this area - see RegistrationBeyondDakar and RegistrationAsPluginRequirements .

Environment

-- MichaelRedinger - 18 Jul 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

You do not say which kinds of access criteria you need.

But if anyone should be able to more or less read anything, then you can simply do this.

• Let TWiki use Apache Login. Not Template login. (configure)
• Let Apache authenticate against your LDAP server. Your users then simply have their LDAP username when authenticated.
• Do not register anyone except for those few priviledged users that have to have access to topics that are locked for viewing and/or editing.
• Let everything else be open to anyone. You can block access to TWikiGuest if you want. The minute that are authenticated by Apache they are their userID and not TWikiGuest.
• When people edit a page they will leave their LDAP username as the fingerprints and signatures.

I run a corporate TWiki where most users are registered but some are not. And it works fine. The only limitation is that access rights do not work for the non-registered users so topics that are locked for editing cannot be opened for these users until they register and get a WikiName. If your users will hardly ever edit anything this seems to be something that could work for you as well.

-- KennethLavrsen - 18 Jul 2006

There are legal issues involved with student privacy in schools, at least in the US. Access control may needed in places where one wouldn't expect if one comes from the corporate world. For example, in my Harvard install, every student's homepage is not viewable by TWikiGuest, nor is the list of users that is automatically generated from registration. This is true of the college students in this program, not just the high school students.

-- MeredithLesly - 18 Jul 2006

Kenneth, thanks, I thought about handling it the way you desribed it. However, the problem really are the access rights. We need them, so we really have to register the users somehow (either all of them or just those who actually login).

-- MichaelRedinger - 19 Jul 2006

Michael, I've got an LdapContrib ready to be released into the public which does what you want. Here's the docu so far. There's also a new LdapPlugin based on it called LdapNgPlugin.

-- MichaelDaum - 19 Jul 2006

That's great news! Thanks Michael!

-- FranzJosefSilli - 19 Jul 2006

This is excellent, Micha! Many people asked for this feature, and it is a perfect match to the TWikiMission. Looking forward seeing it posted in the Plugins web.

-- PeterThoeny - 19 Jul 2006

Here it is: LdapContrib, LdapNgPlugin.

-- MichaelDaum - 19 Jul 2006

Thanks a lot! This seems exactly what I have been looking for!

-- MichaelRedinger - 19 Jul 2006