[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Nested group expansion control

To: ldapext@ietf.org
Subject: Re: [ldapext] Nested group expansion control
From: Howard Chu <hyc@highlandsun.com>
Date: Wed, 19 Sep 2007 12:04:57 -0700
In-reply-to: <20070919173257.GJ12296@tile.skills-1st.co.uk>
References: <46F060CD.20008@eb2bcom.com> <46F063BE.5020900@padl.com> <20070917143336.GA7266@tile.skills-1st.co.uk> <46EF07BD.1010801@padl.com> <20070918110511.GF23300@tile.skills-1st.co.uk> <46F060CD.20008@eb2bcom.com> <20070919104644.GE12296@tile.skills-1st.co.uk> <1190210820.31971.105.camel@localhost.localdomain> <20070919152141.GH12296@tile.skills-1st.co.uk> <1190220132.31971.147.camel@localhost.localdomain> <20070919173257.GJ12296@tile.skills-1st.co.uk>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a8pre) Gecko/2007091708 SeaMonkey/2.0a1pre

Andrew Findlay wrote:

On Wed, Sep 19, 2007 at 12:42:12PM -0400, simo wrote:

The algorithm complexity is the same, although, it is true, a client may
require more operations.

Actually I think this problem would be better solved by a control to ask
the server to do the calculations for us (and IIRC there is a control
like that in the AD implementation called ASQ or something like that)
and use a cache, so we have both an efficient way to do it and avoid the
artificial distinction.


Server support would certainly be valuable in many cases and a control
sounds like a good way to ask for it. However, I think that is
orthogonal to the question of whether there should be two attributes.

Digressing down this path briefly... Such a control should probably have a depth/recursion limit as a parameter. Servers would have to be smart about how this control is propagated in a distributed environment, e.g. if certain nestedGroup DNs reside on remote servers. (Though in practice, just as with search limits, clients will probably most often ask for "unlimited" and leave it up to the server to restrict it.) -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- Re: [ldapext] groupOfEntries object class proposal
  - From: Steven Legg <steven.legg@eb2bcom.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: simo <idra@samba.org>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: simo <idra@samba.org>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: Re: [ldapext] Nested group
Next by Date: RE: [ldapext] Nested group
Index(es):
- Chronological
- Thread