On Tuesday 01 June 2010 20:38:48 Nathan Kinder wrote:
On 05/31/2010 02:05 AM, Roberto Polli wrote:
> Hi all,
>
> I'll try to summarize:
> 1 - we like dynamic group expansion (memberURL is an ldap URI)
> 2 - ldapsearch -b GROUPDN "uniqueMember=*" retrieves both static and
> dynamic members
> 2.1- the forementioned search should retrieve nested group members too
> 3 - (wish) memberOf plugin should dynamically set the memberOf attribute
> in underlying entries
> 3.1 * if memberOf is a virtual attribute, it's impossible to use it in
> Searches (eg this won't work #ldapsearch "memberof=GROUPDN" )
> 3.2 * memberOf should be "real"
> 3.3 * we need a listener on each Update to
> 3.3.1 * rescan all groups
> 3.3.2 * update the memberOf attribute
There are likely some things you can do here to optimize for updates.
One idea would be to maintain an in-memory cache of dynamic group
filters that are present. You would have to scan for these groups at
server startup to populate the cache and maintain it whenever a group
filter is modified/added/deleted.
When an entry is updated, you can use the group filter cache to quickly
determine if a change to an entry affects it's group membership instead
of searching for all of the groups each time.
There may be better ideas than the above, but the cache idea was just a
quick thought that may help.
added
https://bugzilla.redhat.com/show_bug.cgi?id=618988 maybe better move
discussion there or in the wiki.
Let me know+Peace,
R:
--
Roberto Polli
Babel S.r.l. -
http://www.babel.it
Tel. +39.06.91801075 - fax +39.06.91612446
Tel. cel +39.340.6522736
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
"Il seguente messaggio contiene informazioni riservate. Qualora questo
messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene
notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio
erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto
della legge in materia di protezione dei dati personali."