Using LDAP Attributes to improve performance for large directories
Posted
by
Vineet Bhatia
on Server Fault
See other posts from Server Fault
or by Vineet Bhatia
Published on 2012-08-29T14:52:55Z
Indexed on
2012/08/29
15:40 UTC
Read the original article
Hit count: 361
We have a LDAP directory with more than 50,000 users in it. LDAP Vendor suggests maximum limit of 40,000 users per LDAP group. We have number of inactive users and those are being purged but what if we don't get below the 40,000 users? Would switching to using multivalued attribute at user record level instead of using LDAP groups yield better performance during authentication, adding new users, etc?
I know most server software (portal, application servers, etc) use LDAP groups. But, we have a standardized web service interface for access control instead of relying on server software to map LDAP groups to security roles. Each application uses this common "access control web service". Security roles are used within application to build fine-grained ACL used within each enterprise application.
© Server Fault or respective owner