We have an LDAP directory with more than 50,000 users in it. The LDAP vendor suggests a maximum limit of 40,000 users per LDAP group. We have a number of inactive users and those are being purged, but what if we don't get below the 40,000 users? Would switching to using a multivalued attribute at the user record level instead of using LDAP groups yield better performance during authentication, adding new users, etc.?

I know most server software (portals, application servers, etc.) uses LDAP groups. But we have a standardized web service interface for access control instead of relying on server software to map LDAP groups to security roles. Each application uses this common "access control web service". Security roles are used within the application to build the fine-grained ACLs used within each enterprise application.

Groups already use multi-valued attributes like uniqueMember and member. In some legacy directory servers, the real problem was the handling of multi-valued attributes in any entry, not just a group entry (there is nothing special about a group, it's just a member of an objectClass that requires/allows uniqueMember or member or whatever). Depending on who the vendor is, it's unlikely IMO that switching to multi-valued attributes would greatly increase performance.

    • Thanks for the answer. Have you tried using attributes instead of LDAP groups? Any other suggestions to improve LDAP performance to add a new user? It's taking more than 5 minutes to add a new user.
    • @VineetBhatia Most likely, that will depend more on the specific implementation of LDAP (as in, what vendor and software) than any other factor.
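
The two layouts discussed in this thread, side by side, as an added example that is not part of the original question or answer. The directory data is constructed, `appRole` is a hypothetical user-level attribute (a real schema would have to define it), and the parser assumes simple LDIF with no folded or base64 lines. It resolves a user's roles from group entries and from the user's own entry, which is the lookup an access control service would perform in each model.

```python
from collections import defaultdict

# Constructed, abbreviated sample directory (not from the original post).
# "appRole" is hypothetical; groupOfUniqueNames/uniqueMember are standard schema.
SAMPLE_LDIF = """\
dn: cn=approvers,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: approvers
uniqueMember: uid=alice,ou=people,dc=example,dc=com
uniqueMember: uid=bob,ou=people,dc=example,dc=com

dn: cn=auditors,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: auditors
uniqueMember: uid=alice,ou=people,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
appRole: approvers
appRole: auditors

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
appRole: approvers
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of entries, each a dict mapping
    lower-cased attribute name -> list of values (every attribute is a list)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name.lower()].append(value)
        entries.append(dict(entry))
    return entries

def roles_from_groups(entries, user_dn):
    """Group model: find group entries whose uniqueMember values include the DN."""
    return sorted(e["cn"][0] for e in entries
                  if user_dn.lower() in (m.lower() for m in e.get("uniquemember", [])))

def roles_from_user_entry(entries, user_dn):
    """Attribute model: read the multi-valued attribute on the user's own entry."""
    for e in entries:
        if e["dn"][0].lower() == user_dn.lower():  # simplified DN comparison
            return sorted(e.get("approle", []))
    return []
```

Both models store the same facts as multi-valued attributes; they differ in which entry holds the values, one group entry with a value per member versus each user entry with a value per role.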
