I forgot to mention the performance aspect. If you traverse all persons from the CEO down you need as many LDAP search operations as you have persons in the directory, each require a full network roundtrip, which takes time. If you want to parallelize that, I'd recomment to convert the recursive tree traversal into some iterative processing. Create a fixed thread pool of workers e.g. 4 or 8, to limit the number of connections. Separate the production and consumption of DNs by creating a thread-safe list. A worker takes one DN from the list, retrieves the entry, and adds all "directreports" DNs into the list, which can be taken by free workers.
However if possible I'd avoid such a costly tree traversal, and instead use e.g. paged search. Kind Regards, Stefan
