On Thu, Mar 24, 2011 at 1:39 AM, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:
sim123,

(no top posting, please!)

sim123 schrieb am 24.03.2011 01:10 Uhr:
On Wed, Mar 23, 2011 at 5:01 PM, Indexer <indexer@internode.on.net <mailto:indexer@internode.on.net>> wrote:
>     On 24/03/2011, at 10:22, sim123 wrote:
   I am designing LDAP schema and the structure looks like :

   --ROOT
   ---- ou = people
   ------- cn = john smith
   ---- ou = groups
   ------ ou = group1
   -------- member:john smith
   ------ ou = group2
   -------- member: john smith

   I would like to find out what all groups john smith belongs to (I
   have full
   dn) and all the members of a group. I am wondering about the
   performance of
   such search, since one person can be part of multiple groups and
   there can
   be thousands of groups in the server. If its a relational database
   I can
   create a relationship table and put indexes in place. How can I
   get best
   performance with OpenLDAP? Or is there any other way I should
   design this?

   Use the memberOf overlay. ( 12.8. Reverse Group Membership Maintenance )

   http://www.openldap.org/doc/admin24/overlays.html
> Thanks for really quick reply. I looked at memberOf description and it
> really helps as I can just do one search. But under the hood OpenLDAP
> will still look for every single group and find if "john smith" is
> member of that group or not, is that right? If so, would slapd do any
> special optimization to get better performance? I am new to LDAP in
> general, so are they intended for such type of queries?
As far as I know, the overlay observes changes to groups and if changes appear it modifys the memberof information in the member object. memberof is stored there like a "regular" attribute. so there is no need to examine all the groups in case of a memberof search.
The downside is that activating the overlay has no effect on existing groups, because the memberof overlay has not seen any changes on these groups.

Marc
Oh ok, that sounds good, since I am creating a schema from scratch, I can give memberof overlay a try. Thanks for the clarification. 

-Simon
P.S. gmail does top posting by default, I will keep that in mind from next time :)