I am rewriting a user manager created with ColdFusion/LDAP via CFLDAP that needs the ability to list all the users in a group whose last name (sn) starts with n, where n is any letter of the alphabet.
The way the original author created the logic is as follows:
Query the LDAP server for all the user IDs that belong to a specified group. - Query 1
<cfldap server="#ldapServer#"
action="query"
name="auth_get_users_raw"
attributes="uniquemember"
start="cn=GroupName, ou=Groups,o=ourDomain.com"
filter="(&(objectclass=groupOfUniqueNames))"
scope="base"
maxrows=1
>
This just returns a single record which is essentially a list of all the uids that belong to the group.
Query the entire LDAP server for all users whose last name (sn) begins with n. - Query 2
<cfldap server="#ldapServer#"
action="query"
name="auth_get_users"
attributes="dn,cn,sn,givenname,uid"
start="ou=People,o=ourDomain.com"
filter="(&(objectclass=Person)(sn=n*))"
scope="onelevel"
maxrows=#the_maxrows#
>
Loop through Query 2, see if the current userid was found in the list generated by Query 1, and if so, display the result.
This scenario worked fine when the directory was initially created, but as it grew, this code did not scale well. There are now several hundred thousand users in the directory and a few hundred groups. Obviously the logic in place is very inefficient, as it brings back all the users in the entire directory whose last name starts with n when only a few dozen might belong to the desired group.
Is there a way to obtain the same data from the ldap server using a single query? I can't seem to find a way to obtain the dn,cn,sn,givenname,uid for all members of a group using a single query. The only thing I can seem to obtain is the uid for all the members of a group.
I know that I included ColdFusion-specific code which belongs in a ColdFusion forum, but I think you can derive the information that you need from those snippets no matter what language you are familiar with.
I appreciate any advice.
Thanks,
Chris
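One way to keep Query 2 from scanning the whole People branch, as an added example that is not part of the original post: take the uniquemember values returned by Query 1 and build a filter that matches only those uids and the requested surname letter, escaping every value per RFC 4515 so directory data or user input cannot change the filter's structure. The function names, the chunk size and the sample DNs are constructed for illustration, and it assumes member DNs have the form uid=<id>,ou=People,... with no DN-escaped characters.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Assumption: member DNs look like uid=<id>,ou=People,... with no DN-escaped characters.
_UID_RDN = re.compile(r"^\s*uid=([^,+\\]+),", re.IGNORECASE)


def escape_filter_value(value):
    """Neutralise filter metacharacters so a value cannot alter the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def uids_from_members(member_dns):
    """Pull the uid out of each uniquemember DN; skip entries of any other shape."""
    uids = []
    for dn in member_dns:
        match = _UID_RDN.match(dn)
        if match:
            uids.append(match.group(1).strip())
    return uids


def group_surname_filters(member_dns, letter, chunk_size=200):
    """One filter per chunk of members: sn starts with `letter` AND uid is in the chunk."""
    # The letter comes from the UI, so accept exactly one ASCII letter and nothing else.
    if not re.fullmatch(r"[A-Za-z]", letter):
        raise ValueError("letter must be a single ASCII letter")
    uids = uids_from_members(member_dns)
    filters = []
    for start in range(0, len(uids), chunk_size):
        chunk = uids[start:start + chunk_size]
        terms = "".join("(uid=%s)" % escape_filter_value(u) for u in chunk)
        filters.append("(&(objectclass=Person)(sn=%s*)(|%s))" % (letter, terms))
    return filters


# Constructed sample of what Query 1's uniquemember attribute might hold.
SAMPLE_MEMBERS = [
    "uid=jnorth,ou=People,o=ourDomain.com",
    "uid=a*b(c),ou=People,o=ourDomain.com",       # metacharacters, must be escaped
    "cn=Nested Group,ou=Groups,o=ourDomain.com",  # not a uid= entry, skipped
    "uid=mnolan,ou=People,o=ourDomain.com",
]

if __name__ == "__main__":
    for ldap_filter in group_surname_filters(SAMPLE_MEMBERS, "n", chunk_size=2):
        print(ldap_filter)
```

Each returned string can be used as the filter of a search under ou=People, so the server returns only group members instead of every matching person in the directory.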