[turba] Re: LDAP scope

Craig White craigwhite at azapple.com
Mon Feb 21 19:36:56 PST 2005


On Mon, 2005-02-21 at 16:05 -0600, Edwin L. Culp wrote:
> Quoting Craig White <craigwhite at azapple.com>:
> 
> > On Mon, 2005-02-21 at 10:04 +0100, Michael Eichenberger wrote:
> 
> <big snip>
> 
> > This of course, presumes that the 'scope' parameter isn't already
> > available and I am too stupid to figure out how to make it work.
> 
> I don't find as I mentioned in a previous email but I do have a couple of
> questions for you that will improve my knowledge of ldap configuration.
> 
> 1. I've never been tempted to use the -s option to ldapsearch.  I have a very
> flat tree so I just use the -b base alone and that is what I think Michael was
> suggesting with:
> $basednprivate='ou=stepping-stone.ch,ou=default,ou=private,ou=contacts,ou=service,o=stepping-stone,c=ch';
> and
> 'root' => 'ou=' . $uid . ',' . $basednprivate,
> 
> How significant would the difference between -s one and the above -b which I
> assume would only be one level?  Not much, I bet.  It could very well be that I
> don't understand the -s [one|sub|base] options.
----
the idea is that this server is doing other things than ldap
lookup/authentication etc.

If I do a search and I am searching a base that has let's say, 30
entries but each of those entries has sub entries, each with maybe
10-100 entries, then a simple search that I only need/want the base
search of 30 entries, ends up searching say an average of 50 entries X
30 users or 1500 entries, you can imagine how the wasted cycles
multiply. Searching 1500+30 entries only to turn around and filter the
1500 possible entries out of the returned values isn't a very efficient
way to do things.

Even worse, if I use the same type of lookup for my MTA to determine
whether to accept mail for local delivery, and I am getting a lot of
email each day, that would be a lot of wasted lookups. Thus, I have to
contain those lookups to a scope of 'one' or 'onelevel' as it seems to
be referred to these days.

Obviously, I can lessen the impact of all this by tuning the ldap
cachesize to try to keep them all in a cache (memory permitting).

Of course, you can create separate containers for each type of Address
Book and restructure the ACLs but it's much simpler for me to manage if
I have the user's personal address book containers inside the user's own
space itself and I have to deal with applications that just want to sub
search everything.
----
> 
> 2. If not ldap, would you put the addressbook in mysql?
----
the issue of mysql is rather pointless since entries would be captive to
horde usage and my concept is multi-functional to encourage usage. If
they bother putting entries into their personal LDAP address book, they
can use both with horde and with their mail application, be it Outlook,
Outlook Express, Apple Mail, Eudora, Thunderbird or ...

Craig
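
Added example (not part of the original message): a small Python model of the three ldapsearch scopes over a constructed tree sized like the one described above, 30 user entries with 50 address book entries under each. The DNs and function names are assumptions for illustration, and the count is of entries that fall inside the search scope, not a measurement of any real server.

```python
# Constructed directory; the base DN and entry names are hypothetical.
BASE = "ou=people,dc=example,dc=com"


def build_directory(users=30, contacts_per_user=50):
    """Base entry, one entry per user, and a personal address book under each user."""
    dns = [BASE]
    for u in range(users):
        user_dn = f"uid=user{u},{BASE}"
        dns.append(user_dn)
        dns.extend(f"cn=contact{c},{user_dn}" for c in range(contacts_per_user))
    return dns


def split_dn(dn):
    # Naive RDN split; adequate for constructed DNs without escaped commas.
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Apply the -s base|one|sub rule to a single entry."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the search base
    if depth < 0 or entry[depth:] != base:  # not at or under the base at all
        return False
    if scope == "base":
        return depth == 0                   # the base entry only
    if scope == "one":
        return depth == 1                   # immediate children, base excluded
    if scope == "sub":
        return True                         # base plus everything beneath it
    raise ValueError(f"unknown scope: {scope}")


def search_users(directory, base_dn, scope):
    """Model a (uid=*) search: return (entries in scope, user entries matched)."""
    candidates = [dn for dn in directory if in_scope(dn, base_dn, scope)]
    matched = [dn for dn in candidates if split_dn(dn)[0].startswith("uid=")]
    return len(candidates), len(matched)


if __name__ == "__main__":
    directory = build_directory()
    for scope in ("base", "one", "sub"):
        in_scope_count, hits = search_users(directory, BASE, scope)
        print(f"-s {scope:4}: {in_scope_count:5} entries in scope, {hits} users matched")
```

Both 'one' and 'sub' return the same 30 users; the difference is that 'sub' also pulls every address book entry into the scope, along with the base entry itself.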


