On Thu, Mar 24, 2011 at 1:39 AM, Marc Patermann < [email protected]> wrote:
> sim123, > > (no top posting, please!) > > sim123 schrieb am 24.03.2011 01:10 Uhr: > >> On Wed, Mar 23, 2011 at 5:01 PM, Indexer <[email protected]<mailto: >> [email protected]>> wrote: >> > On 24/03/2011, at 10:22, sim123 wrote: >> >>> I am designing LDAP schema and the structure looks like : >>>> >>>> --ROOT >>>> ---- ou = people >>>> ------- cn = john smith >>>> ---- ou = groups >>>> ------ ou = group1 >>>> -------- member:john smith >>>> ------ ou = group2 >>>> -------- member: john smith >>>> >>>> I would like to find out what all groups john smith belongs to (I >>>> have full >>>> dn) and all the members of a group. I am wondering about the >>>> performance of >>>> such search, since one person can be part of multiple groups and >>>> there can >>>> be thousands of groups in the server. If its a relational database >>>> I can >>>> create a relationship table and put indexes in place. How can I >>>> get best >>>> performance with OpenLDAP? Or is there any other way I should >>>> design this? >>>> >>> >>> Use the memberOf overlay. ( 12.8. Reverse Group Membership Maintenance >>> ) >>> >>> http://www.openldap.org/doc/admin24/overlays.html >>> >> > Thanks for really quick reply. I looked at memberOf description and it > > really helps as I can just do one search. But under the hood OpenLDAP > > will still look for every single group and find if "john smith" is > > member of that group or not, is that right? If so, would slapd do any > > special optimization to get better performance? I am new to LDAP in > > general, so are they intended for such type of queries? > As far as I know, the overlay observes changes to groups and if changes > appear it modifys the memberof information in the member object. memberof is > stored there like a "regular" attribute. so there is no need to examine all > the groups in case of a memberof search. > The downside is that activating the overlay has no effect on existing > groups, because the memberof overlay has not seen any changes on these > groups. > > Marc > Oh ok, that sounds good, since I am creating a schema from scratch, I can give memberof overlay a try. Thanks for the clarification. -Simon P.S. gmail does top posting by default, I will keep that in mind from next time :)
