member/memberOf and samldb.c

Stefan (metze) Metzmacher metze at
Mon Aug 29 13:59:11 GMT 2005

Hash: SHA1

Luke Howard schrieb:
>>that could be a bit tricky for us, though I can see the advantages of
>>using a GUID or similar unique token.
> BTW, in XAD we don't store the "member" values in the group entry at
> all, they are virtualized as is "memberOf". So the performance impact
> is identical no matter which way you read the entry :-)
> Also, we found that this model was easier to adapt to support linked
> value replication than it would be if we just stored the DN, because
> of the extra metadata that needs to be stored.

I assume this is the general model to handle (multivalued) linked attributes,
and it's not specific to member/memberOf.

and we should keep in mind that we need to keep meta-data like verion_number, orgination_usn,
orgination_dsa_invocation_id, orgination_time and local_usn per attribute-value.
when we want to support the w2k3 functional level of ads dc's. (which is needed for having
more than 5000 members in one group).

If someone is interessted:
here are DsGetNCChanges-dumps from a w2k3 dc in mixed mode, with w2k functional level.

- --

Stefan Metzmacher <metze at>
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird -


More information about the samba-technical mailing list