[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: [ldapext] Nested group

To: "simo" <idra@samba.org>, "Howard Chu" <hyc@highlandsun.com>
Subject: RE: [ldapext] Nested group
From: "Liben, Michael \(GTI\)" <michael_liben@ml.com>
Date: Wed, 19 Sep 2007 15:01:34 -0400
Cc: ldapext@ietf.org
Content-class: urn:content-classes:message
Importance: normal
References: <46EF07BD.1010801@padl.com><20070918110511.GF23300@tile.skills-1st.co.uk> <46F060CD.20008@eb2bcom.com><46F063BE.5020900@padl.com> <20070917143336.GA7266@tile.skills-1st.co.uk><46EF07BD.1010801@padl.com> <20070918110511.GF23300@tile.skills-1st.co.uk><46F060CD.20008@eb2bcom.com> <20070919104644.GE12296@tile.skills-1st.co.uk><1190210820.31971.105.camel@localhost.localdomain><20070919152141.GH12296@tile.skills-1st.co.uk><1190220132.31971.147.camel@localhost.localdomain><46F15776.4090804@highlandsun.com> <1190226457.31971.163.camel@localhost.localdomain>
Thread-index: Acf67G9k2L9nDY6QSVK82OKZaYtQYgAAV2sQ
Thread-topic: [ldapext] Nested group

In Active Directory, Microsoft maintains 'back link' attributes. One of
these is memberOf. When an object is added or removed from a group, a
process runs that updates the back link attribute on the object. If the
member object is moved or deleted, another process updates the group's
member attribute accordingly. 

Clients still have to evaluate all of the members to determine a nested
resultant set of members. However, clients can easily view all the
groups to which an object is a member, walking up the tree instead of
downward.

-----Original Message-----
From: simo [mailto:idra@samba.org] 
Sent: Wednesday, September 19, 2007 2:28 PM
To: Howard Chu
Cc: ldapext@ietf.org
Subject: Re: [ldapext] Nested group

On Wed, 2007-09-19 at 10:08 -0700, Howard Chu wrote:
> simo wrote:
> > On Wed, 2007-09-19 at 16:21 +0100, Andrew Findlay wrote:
> >> Hmm: I think the different-attributes case is actually *simpler* to
> >> code. The algorithm for enumerating members is almost identical.
> > 
> > -	for each nested group {
> > +	for each member {
> > 
> > The algorithm complexity is the same, although, it is true, a client
may
> > require more operations.
> 
> You're saying "in theory these are the same." That may be true, but in

> practice, your "simplification" creates more work both the client and
the 
> server. We can do better, therefore we should.

"Better" depends on the context I guess.
Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
--------------------------------------------------------

This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Merrill Lynch. Subject to applicable law, Merrill Lynch may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or error-free. This message is subject to terms available at the following link: http://www.ml.com/e-communications_terms/. By messaging with Merrill Lynch you consent to the foregoing.
--------------------------------------------------------

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] Nested group
  - From: Luke Howard <lukeh@padl.com>

References:
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Steven Legg <steven.legg@eb2bcom.com>
- Re: [ldapext] groupOfEntries object class proposal
  - From: Luke Howard <lukeh@padl.com>
- [ldapext] groupOfEntries object class proposal
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: simo <idra@samba.org>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
  - From: simo <idra@samba.org>
- Re: [ldapext] Nested group
  - From: Howard Chu <hyc@highlandsun.com>
- Re: [ldapext] Nested group
  - From: simo <idra@samba.org>

Prev by Date: Re: [ldapext] Nested group expansion control
Next by Date: Re: [ldapext] Nested group (was: groupOfEntries object class proposal)
Index(es):
- Chronological
- Thread