Sigurd Nes
2008-08-06 12:21:54 UTC
Hi all,
I'm not all that familiar with the LDAP implementation - and I don't have the code in front of me - so please bear with me.
Imagine giving grants to a group containing thousands of members. For the current implementation of acl - one will have to ask the database for a result with a condition containing all those members. How about joining on the account/group-table and just ask for that group?
This approach should work fine for sql-accounts - but I'm not sure about the LDAP-accounts.
If this iformation is missing for LDAP-accounts,
How about sync in accounts and groups from the LDAP backend to make this possible?
Regards
Sigurd
I'm not all that familiar with the LDAP implementation - and I don't have the code in front of me - so please bear with me.
Imagine giving grants to a group containing thousands of members. For the current implementation of acl - one will have to ask the database for a result with a condition containing all those members. How about joining on the account/group-table and just ask for that group?
This approach should work fine for sql-accounts - but I'm not sure about the LDAP-accounts.
If this iformation is missing for LDAP-accounts,
How about sync in accounts and groups from the LDAP backend to make this possible?
Regards
Sigurd