Re: Efficient Searching for Groups & its members
sim123,
(no top posting, please!)
sim123 wrote on 24.03.2011 at 01:10:
> On Wed, Mar 23, 2011 at 5:01 PM, Indexer <indexer@internode.on.net> wrote:
>> On 24/03/2011, at 10:22, sim123 wrote:
>>> I am designing LDAP schema and the structure looks like :
>>> --ROOT
>>> ---- ou = people
>>> ------- cn = john smith
>>> ---- ou = groups
>>> ------ ou = group1
>>> -------- member:john smith
>>> ------ ou = group2
>>> -------- member: john smith
>>> I would like to find out what all groups john smith belongs to (I have full
>>> dn) and all the members of a group. I am wondering about the performance of
>>> such search, since one person can be part of multiple groups and there can
>>> be thousands of groups in the server. If it's a relational database I can
>>> create a relationship table and put indexes in place. How can I get best
>>> performance with OpenLDAP? Or is there any other way I should design this?
>> Use the memberOf overlay. ( 12.8. Reverse Group Membership Maintenance )
>> http://www.openldap.org/doc/admin24/overlays.html
> Thanks for really quick reply. I looked at memberOf description and it
> really helps as I can just do one search. But under the hood OpenLDAP
> will still look for every single group and find if "john smith" is
> member of that group or not, is that right? If so, would slapd do any
> special optimization to get better performance? I am new to LDAP in
> general, so are they intended for such type of queries?
As far as I know, the overlay observes changes to groups and, if changes
appear, it modifies the memberof information in the member object.
memberof is stored there like a "regular" attribute, so there is no need
to examine all the groups in case of a memberof search.
The downside is that activating the overlay has no effect on existing
groups, because the memberof overlay has not seen any changes on these
groups.
Marc
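
A simplified in-memory model of the behaviour described in the reply above, added here as an example; it is not part of the original thread and not OpenLDAP code. The `Directory` class, its methods and the `dc=example,dc=com` suffix are assumptions made for illustration. It shows the reverse attribute being maintained at write time, and why a group written before the overlay was active is missing from `memberOf` until it is written again.

```python
# Simplified model of reverse group membership maintenance (not OpenLDAP code).
# The Directory class and all DNs below are constructed for illustration.

class Directory:
    def __init__(self, overlay_enabled=False):
        self.entries = {}                 # dn -> {attribute: set of values}
        self.overlay_enabled = overlay_enabled

    def add_entry(self, dn):
        self.entries.setdefault(dn, {})

    def set_members(self, group_dn, member_dns):
        """Write a group's member attribute (models an add or a modify/replace)."""
        group = self.entries.setdefault(group_dn, {})
        old, new = group.get("member", set()), set(member_dns)
        group["member"] = new
        if not self.overlay_enabled:
            return                        # nobody is watching: no memberOf is written
        # The overlay reacts to this one write and patches only the affected members.
        for dn in old - new:
            self.entries.get(dn, {}).get("memberOf", set()).discard(group_dn)
        for dn in new:
            if dn in self.entries:        # members with no entry are skipped
                self.entries[dn].setdefault("memberOf", set()).add(group_dn)

    def groups_by_scan(self, user_dn):
        """Forward lookup, like filter (member=<dn>): tests every group entry."""
        return sorted(dn for dn, e in self.entries.items()
                      if user_dn in e.get("member", ()))

    def groups_by_memberof(self, user_dn):
        """Reverse lookup: reads memberOf from the user's own entry only."""
        return sorted(self.entries[user_dn].get("memberOf", ()))

USER = "cn=john smith,ou=people,dc=example,dc=com"
G1 = "ou=group1,ou=groups,dc=example,dc=com"
G2 = "ou=group2,ou=groups,dc=example,dc=com"

def demo():
    d = Directory(overlay_enabled=False)
    d.add_entry(USER)
    d.set_members(G1, [USER])             # group written before the overlay existed
    d.overlay_enabled = True              # overlay activated afterwards
    d.set_members(G2, [USER])             # group written while the overlay is active
    before = d.groups_by_memberof(USER)   # group1 is missing here
    d.set_members(G1, [USER])             # re-writing group1 lets the overlay see it
    return before, d.groups_by_memberof(USER), d.groups_by_scan(USER)

if __name__ == "__main__":
    print(demo())
```

In a real server the forward lookup does not have to test every group either if the `member` attribute carries an equality index.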