Sam Tran wrote:
Hi,
I just read about the virtual DIT views in the Red Hat Directory
Server Deployment Guide.
I was wondering how well the virtual DIT views work compare to an
hierarchical DIT structure?
Generally speaking is it better to have a flat DIT and virtual DIT
views than an hierarchical DIT?
Consider the following scenario:
- 1 million user accounts
- 100 user groups
- 1000 authorization objects
- 6000 configuration objects
- 20 internal users for applications
Now, if you put them in seperate branches, then you can scope the
queries accordingly, and the scoping actually has some effect on search
response time.
If you put them all in the same branch, e.g. the root, then scoping your
search to the virtual branches does not help to speed things up at all,
afaik. Also, you can exceed the lookthrough limits easier, which can
make things really slow.
The law of directory maintenance is that the deeper the hierarchy, the
more likely it is to change. Because of this, I like to stay relatively
flat, not more than 2 levels deep in most cases. However, I still would
never design a flat DIT because I believe that it takes away flexibility
of some management applications, mostly third-party. And with third
party applications, you don't have the possibility to modify them to be
"view compatible".
Mike
--
LDAP Directory Consulting - http://www.netauth.com
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
