Subject: Grouper Users - Open Discussion List
- From: Michael R Gettes <>
- To: Tom Poage <>
- Cc: "" <>
- Subject: Re: [grouper-users] grouper and openldap
- Date: Fri, 3 Feb 2017 11:18:40 -0500
we have both static group objects and isMemberOf on the user object - so we
do as you suggest if I am understanding you correctly. The real issue is
application behavior. There are still many apps operating against static
group objects. So the need for large groups remains.
I hope this helps.
> On Feb 3, 2017, at 11:12 AM, Tom Poage
> Is it possible in Grouper to 'invert' the solution, making membership a
> user attribute? Then each user entry might be a member of, say, on the
> order of 100 groups vs. managing a single 40k entry object.
>> On Jan 30, 2017, at 7:50 AM, Michael R Gettes
>> I received only a few replies. Others have run into this limitation of
>> openldap not being able to support large static group objects. The problem
>> is really large numbers of multi-valued attributes (not just group
>> objects). My observation is 5 seconds to update when the group object
>> becomes greater than 35K-40K members. Apparently, openldap has to
>> regenerate the member/uniquemember attributes for the entire object each
>> time. This appears to be a known issue with
- Re: [grouper-users] grouper and openldap, Tom Poage, 02/03/2017
Archive powered by MHonArc 2.6.19.