Scott wrote:

>In our ldap we do not delete users, we deactivate them
>with nsaccountlock. All user entries are in the same
>branch of the tree. In this data structure, all uid's
>are unique and are not used again.
>
>Ok well now our ldap is getting large and I would like
>active users separate from inactive users to provide
>better search performance. AFAIK a lot of services keep
>uid's so they cannot be used again. What's a good
>design approach? Do inactive users move to another
>tree? Maybe move to another server and use a referral
>somehow. What do ldap admins do with all this dead
>weight? :)

I'm curious why you think search performance will suffer. Are you worried about totally unindexed searches? Some supporting data would be useful: number of users, inactive users, some example searches that you see slow down, and so on. Per se, searches should not be slower when you take the approach you have.