[Fedora-directory-users] Ideas for fds

Pete Rowley pete at openrowley.com
Sat Jun 11 02:00:07 UTC 2005 

I seem to have missed the start of this thread, so apologies for replying to
both posts here: 

> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com 
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf 
> Of Richard Megginson
> Sent: Friday, June 10, 2005 4:45 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Ideas for fds
> 
> jclowser at unitedmessaging.com wrote:
> 
> > Haven't really thought this through, but would it be 
> possible to use a 
> > combination of roles and cos to create a group the way I am 
> > suggesting?  I would think even if possible, it would be 
> complicated 
> > and probably pretty inefficient, but is an option.  If I remember 
> > correctly, you can't search on dynamic attributes generated by Cos, 
> > though (actually, I think in the most recent version of the Sun DS, 
> > you could search on them, but they are treated as unindexed 
> > searches)...  This would likely factory into the members 
> dynamically 
> > returned as uniquemember idea as well, so one more inefficiency in 
> > implementing my idea :-D
> 

This crops up every now and then and for the reasons given I (and others)
have fended it off.  I am always weary of performance expectations with
feature requests and it is probably unlikely that an implimentation like
this would equal static group performance let alone roles performance.  As
others have said, those potentially huge attribute value lists are a major
issue - just moving that data around on the server side is burdonsome.

Having said that, I did consider what would be required to do this.  If you
required a two way relationship where the static groups could be updated old
style then you would need to make virtual attributes writeable - not a slam
dunk by any means.  If you just wanted readable entries then that is
possible, but not the way you suggest.  You would be far better off creating
a new virtual attribute service provider designed for the purpose than
retro-fitting the functionality into roles.  It could key off the nsrole
attribute and/or interpret dynamic groups.

> In Fedora DS these attributes are "indexed" so you can search 
> on them very quickly (e.g. ldapsearch .... (nsrole=ROLEDN)).
> 

When did indexing get added? :)

More information about the Fedora-directory-users mailing list