LDAP Search

  • Last Post 14 April 2017
mck1012 posted this 22 April 2008

I have a few custom schema attributes linked to user objects. I just found out that the programmers are using these attributes to do LDAP searches. These attributes are not indexed, and they are using the root as a starting point for their search. The domain they are searching in is a child domain with over 100,000 user objects. There are 2 other children and an empty root. What problems could I have if I index these attributes, and what can I tell the programmers so the search string is more specific to the OU the user is in?


darren posted this 14 April 2017

Thanks for that explanation Don. Makes sense.




mck1012 posted this 22 April 2008

Thanks for your reply

What they are trying to do is do a search based on the two custom attributes. One is employee ID and the other is a location code. Both of these are known, and they want to get the user's SamAccount name and some other account info from the search.

Also this is 2003 FFL.



amulnick posted this 22 April 2008

Not sure you'd have too many issues other than the growth caused by the
addition to the index. Best to test to be sure it's not going to cause a
problem in your environment.

Have they considered using the UPN instead? In your environment it might be
better for portability. It's already indexed as an added bonus.

How are the apps using the credential information now? Are the
apps building a DN from the information entered or are they making

As for telling your programmers what to do, that's going to depend. What
other options do they have? What else do they know about the users in their
app that can help them refine their searches?

What impact is being felt and what will they get in return for the effort?
(they'll ask, so we may as well ask now, right?)

Just some questions to help get you started down the right path.
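
An added example, not part of the original thread or any poster's code: one way an application could build the search discussed above so that it starts at the child domain (or an OU inside it) rather than the forest root, escapes the two input values per RFC 4515, and asks only for sAMAccountName. The attribute names `employeeCode` and `locationCode`, the DNs, the size limit and the shape of the returned dictionary are assumptions made for illustration.

```python
# Added example. employeeCode / locationCode and all DNs are hypothetical.
_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so a value cannot alter the filter."""
    return "".join(_RFC4515.get(ch, ch) for ch in value)


def is_under(base_dn: str, allowed_root: str) -> bool:
    """True if base_dn equals or sits below allowed_root.

    Assumes no escaped commas inside RDN values (true for the sample DNs).
    """
    base = [rdn.strip().lower() for rdn in base_dn.split(",")]
    root = [rdn.strip().lower() for rdn in allowed_root.split(",")]
    return len(base) >= len(root) and base[-len(root):] == root


def build_user_search(employee_id, location_code, base_dn, allowed_root):
    """Return search parameters scoped to the child domain or an OU in it."""
    if not is_under(base_dn, allowed_root):
        raise ValueError(f"search base {base_dn!r} is outside {allowed_root!r}")
    ldap_filter = (
        "(&(objectCategory=person)(objectClass=user)"
        f"(employeeCode={escape_filter_value(employee_id)})"
        f"(locationCode={escape_filter_value(location_code)}))"
    )
    return {
        "base": base_dn,
        "scope": "subtree",
        "filter": ldap_filter,
        "attributes": ["sAMAccountName"],  # request only what is needed
        "size_limit": 2,  # assumption: an ID/location pair matches one user
    }


if __name__ == "__main__":
    CHILD = "DC=child1,DC=example,DC=com"  # constructed child domain DN
    print(build_user_search("100234", "NYC", "OU=NYC," + CHILD, CHILD))
```

The returned values map onto the base, scope, filter and attribute-list arguments that LDAP client libraries take for a search call.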