I am using Active Directory as a identity and group repository for my web application. I connect to it remotely through the LDAP SSL interface and perform operations such as creating users (who has memberships to one or more groups), creating groups and authenticating users.
I could potentially have tens of thousands of small groups (maybe 50,000) for, say 100,000 user, in a flat structure. I am wondering if this is going to be a performance issue when calling Active Directory through LDAP. Active directory enforces uniqueness on username and group names. Should I be concerned that operations like creating and updating user might become too slow as the number of groups grows?
No. As long as you have your indexes set up correctly. It's not a flat structure once it's indexed.