idra at samba.org
Mon Oct 30 22:49:33 GMT 2006
I think there is a way to keep both speed and correctness as suggested
Something like this could make sense:
The member attribute of groups is a list of GUIDs, the memberOf is
instead always a constructed attribute.
We have a GUID -> DN specific tree:
When a member attribute is set we fetch the GUID of the object it refers
to and store it instead of the DN.
At the same time in a private partition we set up a GUID->DN mapping:
ref-dn: <the object DN>
This makes updates much faster a rename/delete is a matter of retrieving
the object GUID before the rename/delete, and make sure to change/delete
the corresponding entry in the private tree.
The only search operation we slow down is a search operation that
explicitly requires member or memberOf.
Each member/memberOf attribute value requires a lookup GUID->DN.
This solution will not degrade internal ldbs performances, and we can
implement it into an ldb module just for sam.ldb
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical