Thanks for the replies, sorry to be vague. Maybe I
dont have anything to worry about. I have 30k current
users, and 70k inactive users (approx). My current
user base will remain the same, but obviously my
inactive users continue to grow.
Yes directories can scale well beyond those numbers.
Except for provisioning applications, I assume you
would want authn apps etc. pointing to a base of
current users. Why point at 100k when you are using
just 30k?
Another assumption :) big companies with huge ldap's
where uid's dont expire... Do they just keep all the
entries together? I thought maybe there was some
normal practice in this situation.
--- David Boreham <david_list(a)boreham.org> wrote:
Scott wrote:
>In our ldap we do not delete users, we deactivate
them
>with nsaccountlock. All user entries are in the
same
>branch of the tree. In this data structure, all
uid's
>are unique and are not used again.
>
>Ok well now our ldap is getting large and I would
like
>active users separate from inactive users to
provide
>better search performance. AFAIK lot of services
keep
>uid's so they cannot be used again. What's a good
>design approach? Do inactive users move to another
>tree? Maybe move to another server and use a
referral
>somehow. What do ldap admins do with all this dead
>weight? :)
>
>
I'm curious why you think search performance will
suffer.
Are you worried about totally unindexed searches ?
Some supporting data would be useful : number of
users,
inactive users, some example searches that you see
slow down,
and so on.
Per se, searches should not be slower when you take
the approach
you have.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com