directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harris, Christopher P" <>
Subject RE: Proper use of LdapConnectionPool
Date Tue, 03 Feb 2015 23:11:52 GMT

The hierarchy and logical organization are indeed different.

However, even if they weren't different, I'd still be left with the problem that OBJECT or
ONE_LEVEL don't seem to work and SUBTREE seems to act like OBJECT for this particular AD instance.

 - Chris

-----Original Message-----
From: Stefan Seelmann [] 
Sent: Tuesday, February 03, 2015 3:49 PM
Subject: Re: Proper use of LdapConnectionPool

On 02/03/2015 10:19 PM, Emmanuel Lécharny wrote:
> Le 03/02/15 22:07, Stefan Seelmann a écrit :
>> I forgot to mention the performance aspect.
>> If you traverse all persons from the CEO down you need as many LDAP 
>> search operations as you have persons in the directory, each require 
>> a full network roundtrip, which takes time.
> What's the point of doing that when a ONE_LEVEL search done one level 
> below would provide all the entries with one single Search ?

If I understand Chris correctly the directory hierarchy and the logical organisational hierarchy
are different. For example:

dn: cn=ceo,ou=c,ou=b,ou=a
directreports: cn=jane,ou=x,ou=w,ou=a
directreports: cn=john,ou=z,ou=y,ou=a

If that is the case the "directreports" are not LDAP child entries, but just pointer to somewhere
in the directory tree. Similar to nested group membership.

@Chris, if this is not the case then please ignore my mail and use ONE_LEVEL search to traverse
the directory hierarchy, that is the preferred way.

>> However if possible I'd avoid such a costly tree traversal, and 
>> instead use e.g. paged search.
> Actually, it's probably better to abandon the request when you get 
> what you want, paged search will just mitigate the memory used on the 
> client side.

The information transmitted is intended only for the person(s) or entity to which it is addressed
and may contain confidential and/or legally privileged material. Delivery of this message
to any person other than the intended recipient(s) is not intended in any way to waive privilege
or confidentiality. Any review, retransmission, dissemination or other use of, or taking of
any action in reliance upon, this information by entities other than the intended recipient
is prohibited. If you receive this in error, please contact the sender and delete the material
from any computer.

For Translation:
View raw message