#1367 Optimize AD memberOf lookups with LDAP_MATCHING_RULE_IN_CHAIN
Closed: Fixed None Opened 8 years ago by sgallagh.

Active Directory has a special control that can be used to retrieve the complete ancestry of an object based on an attribute such as memberOf.

Community member Sigbjorn Lie pointed out http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx which describes how to construct a search filter to take advantage of this ability.

We should use this when performing initgroups lookups for Active Directory users, for a significant performance increase.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 2
owner: somebody => sgallagh
status: new => assigned

Fixed by:
- 3963d3f
- 97ae45d
- d42d371
- 2c62da3

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0 beta 2

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2409

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata