Stefan, The hierarchy and logical organization are indeed different.
However, even if they weren't different, I'd still be left with the problem that OBJECT or ONE_LEVEL don't seem to work and SUBTREE seems to act like OBJECT for this particular AD instance. - Chris -----Original Message----- From: Stefan Seelmann [mailto:[email protected]] Sent: Tuesday, February 03, 2015 3:49 PM To: [email protected] Subject: Re: Proper use of LdapConnectionPool On 02/03/2015 10:19 PM, Emmanuel Lécharny wrote: > Le 03/02/15 22:07, Stefan Seelmann a écrit : >> I forgot to mention the performance aspect. >> >> If you traverse all persons from the CEO down you need as many LDAP >> search operations as you have persons in the directory, each require >> a full network roundtrip, which takes time. > > What's the point of doing that when a ONE_LEVEL search done one level > below would provide all the entries with one single Search ? If I understand Chris correctly the directory hierarchy and the logical organisational hierarchy are different. For example: dn: cn=ceo,ou=c,ou=b,ou=a directreports: cn=jane,ou=x,ou=w,ou=a directreports: cn=john,ou=z,ou=y,ou=a If that is the case the "directreports" are not LDAP child entries, but just pointer to somewhere in the directory tree. Similar to nested group membership. @Chris, if this is not the case then please ignore my mail and use ONE_LEVEL search to traverse the directory hierarchy, that is the preferred way. >> However if possible I'd avoid such a costly tree traversal, and >> instead use e.g. paged search. > Actually, it's probably better to abandon the request when you get > what you want, paged search will just mitigate the memory used on the > client side. > The information transmitted is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or legally privileged material. Delivery of this message to any person other than the intended recipient(s) is not intended in any way to waive privilege or confidentiality. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. For Translation: http://www.baxter.com/email_disclaimer
