Hi,

I'm having a large group which is having about fifty thousand users in
it. I added the "Member" attribute onto Group class within the edir
driver filter on the vault. Each time a user is added or deleted from
this group, it takes quite long time to process the synchronization from
the vault to the edir server because it retrieves the whole group member
list which is pretty long. If I don't add the "Member" attribute then
the synchronization is fast and I found the group member was actually
updated on edir server. So my question is do I have to add "Member"
attribute into the driver filter for Group class? If I have to then how
to avoid the long processing time? If I don't have to then how to
guarantee the group member is actually synchronized?

Please see the following trace log on downstream edir server, I didn't
put all logs here as the list is long.

[03/22/10 16:41:06.934]:eDirectory PT:: Waiting for receive...
[03/22/10 16:41:07.108]:eDirectory PT:: Received.
[03/22/10 16:41:07.110]:eDirectory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20100227191504.751Z" class-name="Group"
event-id="im3-test#20100227191504#1#1"
qualified-src-dn="dc=nz\dc=ac\dc=auckland\dc=ec\OU=ec_group\CN=e xpired"
src-dn="\IM3-TEST\nz\ac\auckland\ec\ec_group\expired"
src-entry-id="181340" timestamp="1267298104#16">
<association
state="associated">{DDF37E73-9248-6542-ED94-DDF37E739248}</association>
<modify-attr attr-name="Member">
<add-value>
<value
association-ref="{1AAD11DA-A224-d742-318D-1AAD11DAA224}"
timestamp="1267298104#16"
type="dn">\IM3-TEST\nz\ac\auckland\ec\ec_users\pjoh035</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[03/22/10 16:41:07.137]:eDirectory PT:Receiving DOM document from
application.
[03/22/10 16:41:07.139]:eDirectory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20100227191504.751Z" class-name="Group"
event-id="im3-test#20100227191504#1#1"
qualified-src-dn="dc=nz\dc=ac\dc=auckland\dc=ec\OU=ec_group\CN=e xpired"
src-dn="\IM3-TEST\nz\ac\auckland\ec\ec_group\expired"
src-entry-id="181340" timestamp="1267298104#16">
<association
state="associated">{DDF37E73-9248-6542-ED94-DDF37E739248}</association>
<modify-attr attr-name="Member">
<add-value>
<value
association-ref="{1AAD11DA-A224-d742-318D-1AAD11DAA224}"
timestamp="1267298104#16"
type="dn">\IM3-TEST\nz\ac\auckland\ec\ec_users\pjoh035</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[03/22/10 16:41:07.165]:eDirectory PT:Applying input transformation
policies.
[03/22/10 16:41:07.168]:eDirectory PT:Applying policy:
%+C%14Cpub-itp-EmailOnFailedPasswordSub%-C.
[03/22/10 16:41:07.171]:eDirectory PT: Applying to modify #1.
[03/22/10 16:41:07.173]:eDirectory PT: Evaluating selection criteria
for rule 'Send e-mail on a failure when subscribing to passwords'.
[03/22/10 16:41:07.177]:eDirectory PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
[03/22/10 16:41:07.181]:eDirectory PT: (if-operation equal
"status") = FALSE.
[03/22/10 16:41:07.183]:eDirectory PT: Rule rejected.
[03/22/10 16:41:07.185]:eDirectory PT: Evaluating selection criteria
for rule 'Send e-mail on failure to reset connected system password
using the Identity Manager data store password'.
[03/22/10 16:41:07.191]:eDirectory PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
[03/22/10 16:41:07.195]:eDirectory PT: (if-operation equal
"status") = FALSE.
[03/22/10 16:41:07.198]:eDirectory PT: Rule rejected.
[03/22/10 16:41:07.201]:eDirectory PT:Policy returned:
[03/22/10 16:41:07.203]:eDirectory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20100227191504.751Z" class-name="Group"
event-id="im3-test#20100227191504#1#1"
qualified-src-dn="dc=nz\dc=ac\dc=auckland\dc=ec\OU=ec_group\CN=e xpired"
src-dn="\IM3-TEST\nz\ac\auckland\ec\ec_group\expired"
src-entry-id="181340" timestamp="1267298104#16">
<association
state="associated">{DDF37E73-9248-6542-ED94-DDF37E739248}</association>
<modify-attr attr-name="Member">
<add-value>
<value
association-ref="{1AAD11DA-A224-d742-318D-1AAD11DAA224}"
timestamp="1267298104#16"
type="dn">\IM3-TEST\nz\ac\auckland\ec\ec_users\pjoh035</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[03/22/10 16:41:07.228]:eDirectory PT:Applying schema mapping policies
to input.
[03/22/10 16:41:07.230]:eDirectory PT:Applying policy:
%+C%14CMappingRule%-C.
[03/22/10 16:41:07.233]:eDirectory PT: No mapping for class-name
'Group'.
[03/22/10 16:41:07.235]:eDirectory PT:Resolving association
references.
[03/22/10 16:41:07.239]:eDirectory PT:No event transformation
policies.
[03/22/10 16:41:07.242]:eDirectory PT:Applying publisher filter.
[03/22/10 16:41:07.245]:eDirectory PT:Publisher processing modify for
\IM3-TEST\nz\ac\auckland\ec\ec_group\expired.
[03/22/10 16:41:07.249]:eDirectory PT:Reading relevant attributes from
nz\ac\auckland\ec\ec_group\expired.
[03/22/10 16:41:07.253]:eDirectory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="Group"
dest-dn="nz\ac\auckland\ec\ec_group\expired" dest-entry-id="42914"
scope="entry">
<read-attr attr-name="Member"/>
<read-attr attr-name="Object Class"/>
</query>
</input>
</nds>
[03/22/10 16:41:07.265]:eDirectory PT:Pumping XDS to eDirectory.
[03/22/10 16:41:07.267]:eDirectory PT:Performing operation query for
nz\ac\auckland\ec\ec_group\expired.
[03/22/10 16:41:08.564]:eDirectory PT:Read result:
[03/22/10 16:41:08.916]:eDirectory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="Group" event-id="0"
qualified-src-dn="dc=nz\dc=ac\dc=auckland\dc=ec\OU=ec_group\CN=e xpired"
src-dn="\ECEDIR-TEST\nz\ac\auckland\ec\ec_group\expired"
src-entry-id="42914">
<association
state="associated">{DDF37E73-9248-6542-ED94-DDF37E739248}</association>
<attr attr-name="Member">
<value timestamp="1257600055#6"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\apip002</value>
<value timestamp="1257738070#15"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\fall002</value>
<value timestamp="1099291138#37"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\wdix001</value>
<value timestamp="1257680935#6"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\pjel001</value>
<value timestamp="1257380859#6"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\otum003</value>
<value timestamp="1257600300#6"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\dwoo030</value>
<value timestamp="1099291183#61"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\stra013</value>
<value timestamp="1257601586#6"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\cpic007</value>
<value timestamp="1257389446#21"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\jcli010</value>
<value timestamp="1257738351#14"
type="dn">\ECEDIR-TEST\nz\ac\auckland\ec\ec_users\csan023</value>
.......


--
dqu002jes
------------------------------------------------------------------------
dqu002jes's Profile: http://forums.novell.com/member.php?userid=56660
View this thread: http://forums.novell.com/showthread.php?t=405375