[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] Nested group (was: groupOfEntries object class proposal)
Changed subject because this is another thing to discuss.
Steven Legg wrote:
>
> The advantage of *not* having nested groups is that it is sufficient
> to just read the values of the member attribute to determine group
> membership. If there are nested groups, then it is necessary to
> read each of the entries named in the values of the member attribute
> to see which of them, if any, are themselves groups. That could be
> a big performance hit for a group with a large set of members.
I fully agree. One really has to think twice whether nested groups are
really needed in a particular use-case and worth the performance hit.
> If nested groups are to be allowed, then I would rather see the
> nested groups listed in a separate attribute, e.g., called nestedGroups,
> so that implementations only need to read the entries that really
> are nested groups.
+1
Ciao, Michael.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext