[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP structure
- To: openldap-software@OpenLDAP.org
- Subject: Re: LDAP structure
- From: "Mark H. Wood" <mwood@IUPUI.Edu>
- Date: Mon, 11 Aug 2003 09:42:57 -0500 (EST)
- In-reply-to: <20030720013038.GP2772@piglet2>
- References: <977483896.1058361422886.JavaMail.wwwrun@chicago> <1058447444.15651.9.camel@ws-tor-0048.procergs> <20030717132855.GB8302@conectiva.com.br> <3F16B02D.6000206@mentata.com> <20030720013038.GP2772@piglet2>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 20 Jul 2003, Peter Lavender wrote:
> * Jon Roberts (jon@mentata.com) wrote:
[snip]
> I have often wondered about a suitable design for DITs.
>
> One idea I have had, but haven't had a chance to test/deploy, is creating
> a flat person branch, where all people located. Here all the details about
> the person reside in one place.
>
> The organisational structure is then represented in a different branch,
> say orgainsiation, this would then basically be the roles within the
> orgainsation. These would then point to the person in the person branch.
Consider carefully the nature of the tools you'll be using against this
directory, if the number of users is large. We have a directory in
Microsoft ADS with only ~140,000 users, all in one OU. This would not be
a problem were it not that Windows' tools, including the Active Directory
Users and Computers MMC plugin, are painfully slow to return control when
pointed at such a large number of objects -- I must wait 15-20 *minutes*
before I can do anything with the tool when entering the OU=Users
container. I suspect that the plugin is trying to fetch a significant
amount of detail on all 140,000 objects before displaying anything, a
user-interface design error which is committed with distressing frequency.
If you have control over the nature of the tools you will use, the best
thing is of course to select or create properly-designed tools which won't
do lots of expensive operations by default on large OUs. Otherwise you
may wish to consider trading off the advantages of a flat namespace
against the ability to manage that namespace in a timely fashion.
- --
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQE/N6t1s/NR4JuTKG8RAky8AKCELPdEGIM+//5tJhdGRXsgnP4VfwCeJkcm
oJmfmU3znluR+8KT+64uNdQ=
=lCFn
-----END PGP SIGNATURE-----