On Tuesday 01 June 2010 20:38:48 Nathan Kinder wrote:
> On 05/31/2010 02:05 AM, Roberto Polli wrote:
> > Hi all,
> >
> > I'll try to summarize:
> > 1 - we like dynamic group expansion (memberURL is an ldap URI)
> > 2 - ldapsearch -b GROUPDN "uniqueMember=*" retrieves both static and
> > dynamic members
> > 2.1- the aforementioned search should retrieve nested group members too
> > 3 - (wish) memberOf plugin should dynamically set the memberOf attribute
> > in underlying entries
> > 3.1 * if memberOf is a virtual attribute, it's impossible to use it in
> > Searches (eg this won't work #ldapsearch "memberof=GROUPDN" )
> > 3.2 * memberOf should be "real"
> > 3.3 * we need a listener on each Update to
> > 3.3.1 * rescan all groups
> > 3.3.2 * update the memberOf attribute
>
> There are likely some things you can do here to optimize for updates.
> One idea would be to maintain an in-memory cache of dynamic group
> filters that are present. You would have to scan for these groups at
> server startup to populate the cache and maintain it whenever a group
> filter is modified/added/deleted.
>
> When an entry is updated, you can use the group filter cache to quickly
> determine if a change to an entry affects its group membership instead
> of searching for all of the groups each time.
>
> There may be better ideas than the above, but the cache idea was just a
> quick thought that may help.

added https://bugzilla.redhat.com/show_bug.cgi?id=618988
maybe better move discussion there or in the wiki.

Let me know+Peace,
R:

--
Roberto Polli
Babel S.r.l. - http://www.babel.it
Tel. +39.06.91801075 - fax +39.06.91612446
Tel. cel +39.340.6522736
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
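The filter-cache idea quoted above, sketched as an added example (not code from this thread or from the directory server): each dynamic group's memberURL is parsed once, and an entry update is evaluated against the cached filters to get the memberOf values to add and remove. The function names, the sample DNs, the filter subset (no substring matches or escapes), subtree-only scope, and the plain lower-cased DN comparison are all assumptions.

```python
from urllib.parse import unquote

def parse_filter(s):
    """Parse an RFC 4515 subset: (&...), (|...), (!...), (attr=value), (attr=*)."""
    def node(i):
        if s[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        if s[i + 1] in "&|!":
            op, i, kids = s[i + 1], i + 2, []
            while s[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            return (op, kids), i + 1              # step over the closing ')'
        end = s.index(")", i)
        attr, value = s[i + 1:end].split("=", 1)
        return ("=", attr.lower(), value.lower()), end + 1
    return node(0)[0]

def matches(tree, entry):
    """entry maps lower-cased attribute names to lists of string values."""
    if tree[0] == "=":
        vals = [v.lower() for v in entry.get(tree[1], [])]
        return bool(vals) if tree[2] == "*" else tree[2] in vals
    results = [matches(kid, entry) for kid in tree[1]]
    return {"&": all(results), "|": any(results), "!": not all(results)}[tree[0]]

def cache_group(cache, group_dn, member_url):
    # memberURL layout: ldap:///<base>?<attrs>?<scope>?<filter>; scope assumed "sub"
    base, _attrs, _scope, filt = member_url.split("///", 1)[1].split("?", 3)
    cache[group_dn] = (unquote(base).lower(), parse_filter(unquote(filt)))

def groups_for(cache, dn, entry):
    dn = dn.lower()                               # naive DN comparison, no normalization
    return {g for g, (base, f) in cache.items()
            if (dn == base or dn.endswith("," + base)) and matches(f, entry)}

def memberof_delta(cache, dn, before, after):
    old, new = groups_for(cache, dn, before), groups_for(cache, dn, after)
    return new - old, old - new                   # (memberOf to add, memberOf to remove)

# Constructed sample data: two dynamic groups as they would be loaded at startup.
CACHE = {}
cache_group(CACHE, "cn=eng,ou=groups,dc=example,dc=com",
            "ldap:///ou=people,dc=example,dc=com??sub?(&(objectClass=person)(departmentNumber=42))")
cache_group(CACHE, "cn=managers,ou=groups,dc=example,dc=com",
            "ldap:///ou=people,dc=example,dc=com??sub?(title=manager)")
```

A deleted group is dropped with `CACHE.pop(group_dn, None)`; a modified memberURL is handled by calling `cache_group` again for the same DN.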