On Mon, 6 Dec 2010 14:57:33 +0100
Sumit Bose <sbose(a)redhat.com> wrote:
> I use value because when USNs are not available that thing
contains
> the max modifyTimestamp, so I wanted to make sure people think
> about it when they see it.
ok, what about max_(user|group)_ref_value ? Maybe someone else has a
good idea, too? It is just that my first, second and third toughts
when reading max_user_value were not related to the USN or
modifyTimestamps, but to UIDs or usernames. But I agree, that
max_group_usn, might be to restricted here.
What does _ref_ stands for ? Refresh ?
max_user|group_refresh_val ?
> > Maybe it is easier for the LDAP server to optimize a search
filter
> > with (!(%s<=%s)) instead of (%s>=%s)(!(%s=%s)) ?
>
> I haven't changed the original filters, I can create an additional
> patch for this if you like.
I leave this up to you. This was more a question than a suggestion to
change it. I'm not sure how LDAP servers try to optimize this kind of
queries and just thought that a shorter condition might be easier to
optimize. On the other hand '(%s>=%s)(!(%s=%s))' might be easier to
understand for the human eye.
My thinking is that the current form may be more efficient, depending
on how indexes and filter parsing are optimized by the server.
I'll leave it as is for now.
> > OpenLDAP users might be happy if sssd would be able to
autodetect
> > OpenLDAP and use entryCSN. Do you think check for the
> > OpenLDAProotDSE objectclass would be sufficient here?
>
> Yes, give me the details and I can add that easily.
I think the only detail is the OpenLDAProotDSE objectclass. I haven't
found anything else in the OpenLDAP rootDSE which can help here.
Which attribute does openLdap uses on entries ?
entryUSN or USNChanged ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York