[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3510) ACL evaluation short-circuit would be nice
Full_Name: Luke Howard
Version: 2.2.22
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.13.32.92)
Perhaps ACL evaluation could be short-circuited for "access to *".
Given a simple ACL configuration of:
access to *
by users read
by * none
on a heavily loaded machine, a search for "(objectClass=*)" takes a few seconds
to return as each entry is checked against the ACL rule.
It would be nice if an anonymous client could not consume server resources so
easily.