In many cases, using virtual static groups in place of static groups can produce marked performance gains without having to update client applications. Migrating to virtual static groups varies depending on the original directory information tree (DIT), but the general approach involves identifying common membership traits for all members of each group and then expressing those traits in the form of an LDAP URL.
For this task, consider the following:
- The common membership trait for all members of the
All Users
group is the parent distinguish name (DN)ou=People,dc=example,dc=com
. - In other cases, a common attribute might need to be used. For example, groups based
on the location of its members could use the
l
location orst
state attribute. - The common case of an
All Users
group, which contains all entries under the parent DN ou=People,dc=example,dc=com. - When implemented as a virtual static group, this group can have a large membership set without incurring the overhead of a static group.
To migrate Oracle Directory Server Enterprise Edition static groups to virtual static groups: