Content preview: Alessandro Lasmar Mourão wrote: > Hello, > > I wonder if there
is any limitation on the number of users linked to a group > groupOfUniqueNames
type? > We will provide an application on the Internet for more than 10 million
users, > and all these users belong (uniqueMember) to a single group. > Our
support reported that it is recommended that the user group should not >
have more than 16,000 members, this information accurate? [...]

Content analysis details: (-4.2 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[69.43.206.106 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: highlandsun.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
X-BeenThere: openldap-***@openldap.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenLDAP Technical Discussion list <openldap-technical.openldap.org>
List-Unsubscribe: <http://www.openldap.org/lists/mm/options/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=unsubscribe>
List-Archive: <http://www.openldap.org/lists/openldap-technical/>
List-Post: <mailto:openldap-***@openldap.org>
List-Help: <mailto:openldap-technical-***@openldap.org?subject=help>
List-Subscribe: <http://www.openldap.org/lists/mm/listinfo/openldap-technical>,
<mailto:openldap-technical-***@openldap.org?subject=subscribe>
Errors-To: openldap-technical-***@openldap.org
Sender: "openldap-technical" <openldap-technical-***@openldap.org>
X-Spam-Score: -4.2 (----)
X-Spam-Report: Spam detection software, running on the system "gauss.openldap.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Alessandro Lasmar Mourão wrote: > Hello, > > I wonder if there
is any limitation on the number of users linked to a group > groupOfUniqueNames
type? > We will provide an application on the Internet for more than 10 million
users, > and all these users belong (uniqueMember) to a single group. > Our
support reported that it is recommended that the user group should not >
have more than 16,000 members, this information accurate? [...]

Content analysis details: (-4.2 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[69.43.206.106 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: highlandsun.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
As I recall, older versions of M$ Active Directory had a size limit of 16384
members. Maybe other directory servers did as well. No such limit exists in
OpenLDAP. Note that use of uniqueMember is discouraged in LDAP, you should
just use member.

In slapd you should configure sortvals on the member attribute to have
reasonable comparison speeds on lookups and modifications for such a large
attribute.

Generally it's a bad idea to use static groups of this size, you're better off
using a dynamic group instead.

Alessandro,

All i can say is that in our directory we have 18848 users in a single
group and no problems so far.
Maybe someone else would reply about a upper boundary of groupOfUniqueNames.

2015-10-27 9:11 GMT-03:00 Alessandro Lasmar Mourão <