Thanks for the replies, sorry to be vague. Maybe I dont have anything to worry about. I have 30k current users, and 70k inactive users (approx). My current user base will remain the same, but obviously my inactive users continue to grow. Yes directories can scale well beyond those numbers. Except for provisioning applications, I assume you would want authn apps etc. pointing to a base of current users. Why point at 100k when you are using just 30k? Another assumption :) big companies with huge ldap's where uid's dont expire... Do they just keep all the entries together? I thought maybe there was some normal practice in this situation. --- David Boreham <david_list at boreham.org> wrote: > Scott wrote: > > >In our ldap we do not delete users, we deactivate > them > >with nsaccountlock. All user entries are in the > same > >branch of the tree. In this data structure, all > uid's > >are unique and are not used again. > > > >Ok well now our ldap is getting large and I would > like > >active users separate from inactive users to > provide > >better search performance. AFAIK lot of services > keep > >uid's so they cannot be used again. What's a good > >design approach? Do inactive users move to another > >tree? Maybe move to another server and use a > referral > >somehow. What do ldap admins do with all this dead > >weight? :) > > > > > I'm curious why you think search performance will > suffer. > Are you worried about totally unindexed searches ? > > Some supporting data would be useful : number of > users, > inactive users, some example searches that you see > slow down, > and so on. > > Per se, searches should not be slower when you take > the approach > you have. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
