
Re: Efficient Searching for Groups & its members


(no top posting, please!)

sim123 wrote on 24.03.2011 at 01:10:
On Wed, Mar 23, 2011 at 5:01 PM, Indexer <indexer@internode.on.net> wrote:
>     On 24/03/2011, at 10:22, sim123 wrote:
    I am designing LDAP schema and the structure looks like :

    ---- ou = people
    ------- cn = john smith
    ---- ou = groups
    ------ ou = group1
    -------- member:john smith
    ------ ou = group2
    -------- member: john smith

    I would like to find out what all groups john smith belongs to (I have
    full dn) and all the members of a group. I am wondering about the
    performance of such search, since one person can be part of multiple
    groups and there can be thousands of groups in the server. If it's a
    relational database I can create a relationship table and put indexes in
    place. How can I get best performance with OpenLDAP? Or is there any
    other way I should design this?

    Use the memberOf overlay. ( 12.8. Reverse Group Membership Maintenance )

> Thanks for really quick reply. I looked at memberOf description and it
> really helps as I can just do one search. But under the hood OpenLDAP
> will still look for every single group and find if "john smith" is
> member of that group or not, is that right? If so, would slapd do any
> special optimization to get better performance? I am new to LDAP in
> general, so are they intended for such type of queries?
As far as I know, the overlay observes changes to groups, and if changes appear it modifies the memberof information in the member object. memberof is stored there like a "regular" attribute, so there is no need to examine all the groups in case of a memberof search. The downside is that activating the overlay has no effect on existing groups, because the memberof overlay has not seen any changes on these groups.
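
The behaviour described in this reply, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified in-memory model in which reverse membership is only written when a group change is observed. The DNs, the `Directory` class and its method names are constructed for illustration, and using `cn=` group entries is an assumption.

```python
# Toy in-memory model (not OpenLDAP code) of reverse group membership maintenance.
JOHN = "cn=john smith,ou=people,dc=example,dc=com"   # constructed sample DNs
G1 = "cn=group1,ou=groups,dc=example,dc=com"
G2 = "cn=group2,ou=groups,dc=example,dc=com"


class Directory:
    def __init__(self):
        self.entries = {}            # dn -> {attribute: set of values}
        self.overlay_enabled = False

    def add(self, dn, **attrs):
        self.entries[dn] = {k: set(v) for k, v in attrs.items()}
        if self.overlay_enabled and "member" in attrs:
            self._sync(dn, old=set(), new=set(attrs["member"]))

    def replace_members(self, group_dn, members):
        old = self.entries[group_dn].get("member", set())
        self.entries[group_dn]["member"] = set(members)
        if self.overlay_enabled:     # only writes made while the overlay is active are seen
            self._sync(group_dn, old, set(members))

    def _sync(self, group_dn, old, new):
        for dn in old - new:         # members removed from the group
            self.entries.get(dn, {}).get("memberOf", set()).discard(group_dn)
        for dn in new - old:         # members added to the group
            if dn in self.entries:
                self.entries[dn].setdefault("memberOf", set()).add(group_dn)

    def groups_by_scan(self, user_dn):
        """Like searching the groups subtree with filter (member=<user_dn>)."""
        return {dn for dn, e in self.entries.items() if user_dn in e.get("member", ())}

    def groups_by_memberof(self, user_dn):
        """Like reading the memberOf attribute from the user's own entry."""
        return set(self.entries[user_dn].get("memberOf", ()))


def demo():
    d = Directory()
    d.add(JOHN, cn=["john smith"])
    d.add(G1, member=[JOHN])             # group written before the overlay was enabled
    d.overlay_enabled = True
    d.add(G2, member=[JOHN])             # group written afterwards
    before = d.groups_by_memberof(JOHN)  # G1 is missing: its write was never observed
    d.replace_members(G1, [])            # remove and re-add the member so that
    d.replace_members(G1, [JOHN])        # a change to G1 is observed
    after = d.groups_by_memberof(JOHN)
    return before, after, d.groups_by_scan(JOHN)
```

Comparing `groups_by_memberof` against `groups_by_scan` for a sample of users is a quick way to spot groups that predate the overlay.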