On Donnerstag, 10. April 2008, Michael Ströder wrote:
Hallvard B Furuseth wrote:
Michael Ströder writes:
Is that really a problem? How often is "occasionally"?
Don't know, and don't know.
To me 2.5 MB does not sound so much to justify thinking about changing the client app in such a network- and data-specific way.
OK, good. I've no experience with that kind of search result sizes myself.
I can only speak of situations where I retrieve the whole directory (up to 300000 entries) for syncing. But this does not happen very often and my sync scripts call ldap_result() quite soon and process results as they come in.
getgrent() with nss_ldap. Others may come later.
Hmm, maybe that's what Volker Lendecke was talking about at LDAPcon 2007 regarding enumeration of groups. See his slides:
http://www.guug.de/veranstaltungen/ldapcon2007/slides/ldapcon_lendecke.pdf
If that really is the problem. How about disabling getgrent for nss_ldap. nss_ldap supports that since some versions. Have a look for "nss_getgrent_skipmembers" in the man-page.