ldb speed

simo idra at samba.org
Mon Oct 30 22:49:33 GMT 2006

I think there is a way to keep both speed and correctness as suggested
by others.

Something like this could make sense:

The member attribute of groups is a list of GUIDs, the memberOf is
instead always a constructed attribute.

We have a GUID -> DN specific tree:

When a member attribute is set we fetch the GUID of the object it refers
to and store it instead of the DN.
At the same time in a private partition we set up a GUID->DN mapping:
dn: CN=<guid-here>,DC=@GUIDS
ref-dn: <the object DN>

This makes updates much faster a rename/delete is a matter of retrieving
the object GUID before the rename/delete, and make sure to change/delete
the corresponding entry in the private tree.

The only search operation we slow down is a search operation that
explicitly requires member or memberOf.
Each member/memberOf attribute value requires a lookup GUID->DN.

This solution will not degrade internal ldbs performances, and we can
implement it into an ldb module just for sam.ldb


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list