Using LDAP Attributes to improve performance for large directories

Posted by Vineet Bhatia on Server Fault See other posts from Server Fault or by Vineet Bhatia
Published on 2012-08-29T14:52:55Z Indexed on 2012/08/29 15:40 UTC
Read the original article Hit count: 361

We have a LDAP directory with more than 50,000 users in it. LDAP Vendor suggests maximum limit of 40,000 users per LDAP group. We have number of inactive users and those are being purged but what if we don't get below the 40,000 users? Would switching to using multivalued attribute at user record level instead of using LDAP groups yield better performance during authentication, adding new users, etc?

I know most server software (portal, application servers, etc) use LDAP groups. But, we have a standardized web service interface for access control instead of relying on server software to map LDAP groups to security roles. Each application uses this common "access control web service". Security roles are used within application to build fine-grained ACL used within each enterprise application.

© Server Fault or respective owner

Related posts about Performance

Related posts about ldap