(ITS#3510) ACL evaluation short-circuit would be nice



Full_Name: Luke Howard
Version: 2.2.22
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.13.32.92)


Perhaps ACL evaluation could be short-circuited for "access to *".

Given a simple ACL configuration of:

access to *
    by users read
    by * none

on a heavily loaded machine, a search for "(objectClass=*)" takes a few seconds
to return as each entry is checked against the ACL rule.

It would be nice if an anonymous client could not consume server resources so
easily.
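
The following is an added illustration of the short-circuit idea, not part of the original report and not slapd code. It is a simplified Python model of the ACL quoted above; the function names, the set of modelled <who> forms and the sample entries are assumptions made for the example.

```python
# Simplified model of the proposed short-circuit; not slapd code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# The ACL from the report, as (what, [(who, level), ...]).
ACL = [("*", [("users", "read"), ("*", "none")])]
# <who> forms whose match depends only on the requester, never on the entry.
ENTRY_INDEPENDENT_WHO = {"*", "anonymous", "users"}
# Constructed sample directory contents.
ENTRIES = [f"uid=user{i},dc=example,dc=com" for i in range(10000)]


def who_matches(who, bound_dn):
    if who == "*":
        return True
    if who == "users":
        return bound_dn is not None   # any authenticated identity
    if who == "anonymous":
        return bound_dn is None
    raise ValueError(f"who form not modelled: {who}")


def granted_level(by_clauses, bound_dn):
    """First matching <who> clause wins; no match means 'none'."""
    for who, level in by_clauses:
        if who_matches(who, bound_dn):
            return level
    return "none"


def can_short_circuit(acl):
    """True when the first rule is `to *` and no <who> looks at the entry."""
    what, by_clauses = acl[0]
    return what == "*" and all(w in ENTRY_INDEPENDENT_WHO for w, _ in by_clauses)


def search(entries, acl, bound_dn, short_circuit):
    """Return (visible entries, number of ACL evaluations performed)."""
    need = LEVELS.index("read")
    by_clauses = acl[0][1]            # model: first rule is `to *`, matches all
    if short_circuit and can_short_circuit(acl):
        # Decide once per operation: a denied requester costs one evaluation.
        allowed = LEVELS.index(granted_level(by_clauses, bound_dn)) >= need
        return (list(entries) if allowed else []), 1
    visible, evaluations = [], 0
    for entry in entries:             # per-entry check, as the report describes
        evaluations += 1
        if LEVELS.index(granted_level(by_clauses, bound_dn)) >= need:
            visible.append(entry)
    return visible, evaluations
```

In this model an anonymous search over the 10000 constructed entries costs 10000 evaluations without the short-circuit and one with it, and returns nothing either way.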