[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Virtual Domains & LDAP

On Friday 08 June 2001 19:56, Kevin J. Menard, Jr. wrote:
>     What would be the best structure for this?
>     I was thinking something like:
>     o = my_organization -- domain1
>                         -- domain2
>                         -- domainN
>                         -- Admins -- LDAP Admin
>                         -- Users
>     I figured lumping all the users together would make it easier for
> searches, since there would only be one base.
>     However, I was also thinking of something like this:
>     o = my_organization -- domain1 -- Users
>                         -- domain2 -- Users
>                         -- domainN -- Users
>                         -- Admins -- LDAP Admin
>     With this system, I figured each domain could be within its own
> namespace, and I like this approach better, due to the more natural
> organization of things.  However, being split up like that, I would
> think searches would be agonizingly slow.

No, searches would be fast.

For each user you will have an attribute that you will use as the key for 
your searches, typically uid or cn.  If you do a search for 
"uid=user_company.com" then it'll require a single search operation on a 
single index which should be quite fast.

Searching for the complete DN of "uid=user_company.com, ou=company.com, 
o=my_org" is also a single search of a single index.

Searching for "uid=user_company.com" with a search base of 
"ou=company.com, o=my_org" requires searching through two indexes which 
isn't as fast.  But if the uid attribute has a unique value (which it 
will have if it is the user-name concatenated with the company name) then 
you can just search by the attribute value.

http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to: