Aleksander Adamowski wrote:
> I imagined that OpenLDAP maintained a cache for dynamic groups (that's how I understood "this exploits slapd group caching capabilities" in the FAQ) in order to do a search on (member=member'sDN). Such a cache would need updating in only two cases:
> - when there's a change in an object's DN if the object has an attribute used in any memberURL
> - when there's a change in any object in any attribute that's used in a filter in any memberURL in the directory (sorry for the convoluted sentence, but it's a convoluted subject...).
> When I think about it, this data should be permanent, so it should be kept in an index, not in a memory cache.
If you make the data permanent, then you may as well just use static groups.
Tracking "any memberURL in the directory" is either memory intensive and/or CPU intensive. There's no good way to do this without sacrificing one or both.