Thanks for really quick reply. I looked at memberOf description and it really helps as I can just do one search. But under the hood OpenLDAP will still look for every single group and find if "john smith" is member of that group or not, is that right? If so, would slapd do any special optimization to get better performance? I am new to LDAP in general, so are they intended for such type of queries?

Thanks.

On Wed, Mar 23, 2011 at 5:01 PM, Indexer <indexer@internode.on.net> wrote:

On 24/03/2011, at 10:22, sim123 wrote:

Hi All,

I am designing LDAP schema and the structure looks like :

--ROOT
---- ou = people
------- cn = john smith
---- ou = groups
------ ou = group1
-------- member:john smith
------ ou = group2
-------- member: john smith

I would like to find out what all groups john smith belongs to (I have full
dn) and all the members of a group. I am wondering about the performance of
such search, since one person can be part of multiple groups and there can
be thousands of groups in the server. If its a relational database I can
create a relationship table and put indexes in place. How can I get best
performance with OpenLDAP? Or is there any other way I should design this?





Thanks for the help.

William Brown

pgp.mit.edu