Reputation: 154
Recursively search groups under specific ou for a user in LDAP
We currently have an LDAP deployment with millions of users and hundreds of thousands of groups (if not millions), so doing a full recursive lookup for a user takes >3m per query.
I'm needing to find all groups for a user, but only for groups under a specific OU, as others are not relevant and are a waste of search time.
Is there a search for LDAP that can reduce the amount of searching required for the group lookup?
Upvotes: 0
Views: 307
Answers (1)
Reputation: 4100
Does your directory stamp the membership on the Users? eDirectory does (groupMembership). Active Directory does a synthetic attribute that does the lookup when you query the attribute memberOf.
Consider stamping that on the users, then as you look at a user, the data you want is stored on the User. Not in the thousands of groups out there, where youo have to go look to see which the user is a member.
Upvotes: 0
Related Questions
- Using LDAPSEARCH to return all Groups and OU's in an Active Directory domain
- LDAP: Filter users belonging to a group across multiple OU's
- How to search for users of a group in ldapsearch?
- How can I make a LDAP query that returns only groups having OU=Groups from all levels?
- LDAP Python - Search for users which are members of a group in nested OUs
- LDAP query to return all groups in specified OU
- LDAP search filter for selecting the groups with a particular member
- LDAP Query to return OU which contains a given user
- ldapsearch of users and show all their inherited groups
- How to retrieve the ou of the group a user belongs to in LDAP