| Author | Messages | |
mck1012
Posts:40
 | | 04/22/2008 8:14 PM |
| I have a few custom schema attributes linked to user objects. I just found out that the programmers are using these attributes to do LDAP searches. These attributes are not indexed and they are using the root as a starting point for their search, the domain they are searching in is a child domain with over 100,000 user objects. There are 2 other childs and an empty root. what problems could I have if I index these attributes and what can I tell the programmers so the search string is more specific to the OU the user is in.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
| | | |
| amulnick
Posts:110
| | 04/22/2008 9:05 PM |
| Not sure you'd have too many issues other than the growth caused by the
addition to the index. Best to test to be sure it's not going to cause a
problem in your environment.
Have they considered using the UPN instead? In your environment it might be
better for portability. It's already indexed as an added bonus.
How are the apps using the credential information now? Are the
apps building a DN from the information entered or are the making
assumptions?
As for telling your programmers what to do, that's going to depend. What
other options do they have? What else do they know about the user's in their
app that can help them refine their searches?
What impact is being felt and what will they get in return for the effort?
(they'll ask, so we may as well ask now, right? )
Just some questions to help get you started down the right path.
Al
On Tue, Apr 22, 2008 at 8:12 PM, mck1012 <mck1012@yahoo.com> wrote:
> I have a few custom schema attributes linked to user objects. I just
> found out that the programmers are using these attributes to do LDAP
> searches. These attributes are not indexed and they are using the root as a
> starting point for their search, the domain they are searching in is a child
> domain with over 100,000 user objects. There are 2 other childs and an empty
> root. what problems could I have if I index these attributes and what can I
> tell the programmers so the search string is more specific to the OU the
> user is in.
>
> ------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.<http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ>
>
| | | |
| mck1012
Posts:40
| | 04/22/2008 9:15 PM |
| Thanks for your reply
What they are trying to do is do a search based on the two custom attributes. One is employee ID and the other is a location code. Both of these are know and they want to get the users SamAccount name and some other account info from the search.
Also this is 2003 FFL.
----- Original Message ----
From: Al Mulnick <amulnick@gmail.com>
To: ActiveDir@mail.activedir.org
Sent: Tuesday, April 22, 2008 9:04:47 PM
Subject: Re: [ActiveDir] LDAP Search
Not sure you'd have too many issues other than the growth caused by the addition to the index. Best to test to be sure it's not going to cause a problem in your environment.
Have they considered using the UPN instead? In your environment it might be better for portability. It's already indexed as an added bonus.
How are the apps using the credential information now? Are the apps building a DN from the information entered or are the making assumptions?
As for telling your programmers what to do, that's going to depend. What other options do they have? What else do they know about the user's in their app that can help them refine their searches?
What impact is being felt and what will they get in return for the effort? (they'll ask, so we may as well ask now, right? )
Just some questions to help get you started down the right path.
Al
On Tue, Apr 22, 2008 at 8:12 PM, mck1012 <mck1012@yahoo.com> wrote:
I have a few custom schema attributes linked to user objects. I just found out that the programmers are using these attributes to do LDAP searches. These attributes are not indexed and they are using the root as a starting point for their search, the domain they are searching in is a child domain with over 100,000 user objects. There are 2 other childs and an empty root. what problems could I have if I index these attributes and what can I tell the programmers so the search string is more specific to the OU the user is in.
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
| | | |
|
|