Le 03/02/15 22:48, Stefan Seelmann a écrit : > On 02/03/2015 10:19 PM, Emmanuel Lécharny wrote: >> Le 03/02/15 22:07, Stefan Seelmann a écrit : >>> I forgot to mention the performance aspect. >>> >>> If you traverse all persons from the CEO down you need as many LDAP >>> search operations as you have persons in the directory, each require a >>> full network roundtrip, which takes time. >> What's the point of doing that when a ONE_LEVEL search done one level >> below would provide all the entries with one single Search ? > If I understand Chris correctly the directory hierarchy and the logical > organisational hierarchy are different. For example: > > dn: cn=ceo,ou=c,ou=b,ou=a > directreports: cn=jane,ou=x,ou=w,ou=a > directreports: cn=john,ou=z,ou=y,ou=a > > If that is the case the "directreports" are not LDAP child entries, but > just pointer to somewhere in the directory tree. Similar to nested group > membership.
I see. In this case, I would use a SubTree, and ditch entries that don't match the selection criteria. I think that it would be faster than creating new connections on the flight, despite the outrageaous number of entries transmoited. To be tested...
