Hello,

Nowadays, we have a WebSphere (5.0.2) authenticating users stored in OpenLDAP 2.1.22, in a standard way:

User Filter: (&(uid=%v)(objectclass=inetOrgPerson))
Group Filter: (&(cn=%v)(objectclass=groupOfUniqueNames))
User ID Map: inetOrgPerson:uid
Group ID Map: *:cn
Group Member ID Map: groupOfUniqueNames:uniqueMember

ou=users
  cn:user1
    objectClass: inetOrgPerson
    cn: user1
    uid: user1
    userPassword: pwd
    sn: test
    givenName: user1
  cn:user1 ( idem )

So, the "general" role entry is a very huge entry, because it contains a lot of users. Our LDAP is suffering some performance degradation and we think that this could be one reason.
The question is: can we set the membership of a role by adding an attribute in each user record, as Tomcat does? (In Tomcat's server.xml file, the property userRoleName points to a user attribute that is the role name.)