Pete Rowley wrote: 
I seem to have missed the start of this thread, so apologies for replying to
both posts here: 

  
-----Original Message-----
From: fedora-directory-users-bounces@redhat.com 
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf 
Of Richard Megginson
Sent: Friday, June 10, 2005 4:45 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Ideas for fds

jclowser@unitedmessaging.com wrote:

    
Haven't really thought this through, but would it be 
      
possible to use a 
    
combination of roles and cos to create a group the way I am 
suggesting?  I would think even if possible, it would be 
      
complicated 
    
and probably pretty inefficient, but is an option.  If I remember 
correctly, you can't search on dynamic attributes generated by Cos, 
though (actually, I think in the most recent version of the Sun DS, 
you could search on them, but they are treated as unindexed 
searches)...  This would likely factory into the members 
      
dynamically 
    
returned as uniquemember idea as well, so one more inefficiency in 
implementing my idea :-D
      

This crops up every now and then and for the reasons given I (and others)
have fended it off.  I am always weary of performance expectations with
feature requests and it is probably unlikely that an implimentation like
this would equal static group performance let alone roles performance.  As
others have said, those potentially huge attribute value lists are a major
issue - just moving that data around on the server side is burdonsome.

Having said that, I did consider what would be required to do this.  If you
required a two way relationship where the static groups could be updated old
style then you would need to make virtual attributes writeable - not a slam
dunk by any means.  If you just wanted readable entries then that is
possible, but not the way you suggest.  You would be far better off creating
a new virtual attribute service provider designed for the purpose than
retro-fitting the functionality into roles.  It could key off the nsrole
attribute and/or interpret dynamic groups.

  
In Fedora DS these attributes are "indexed" so you can search 
on them very quickly (e.g. ldapsearch .... (nsrole=ROLEDN)).

    

When did indexing get added? :)
I just meant that searches using virtual attributes in search filters are processed efficiently as if they had been indexed.


--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users