#1367 Optimize AD memberOf lookups with LDAP_MATCHING_RULE_IN_CHAIN
Closed: Fixed None Opened 6 years ago by sgallagh.

Active Directory has a special control that can be used to retrieve the complete ancestry of an object based on an attribute such as memberOf.

Community member Sigbjorn Lie pointed out http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx which describes how to construct a search filter to take advantage of this ability.

We should use this when performing initgroups lookups for Active Directory users, for a significant performance increase.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 2
owner: somebody => sgallagh
status: new => assigned

Fixed by:
- 3963d3f
- 97ae45d
- d42d371
- 2c62da3

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0 beta 2

2 years ago

Login to comment on this ticket.

Metadata