[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: The value argument to access_allowed, acl_mask, etc.

To: Mark Valence <kurash@sassafras.com>
Subject: Re: The value argument to access_allowed, acl_mask, etc.
From: Julio Sánchez Fernández <j_sanchez@stl.es>
Date: Mon, 17 Jul 2000 18:00:25 +0200
Cc: openldap-devel@OpenLDAP.org
Organization: Poca
References: <39731C88.D557C054@stl.es> <v04220802b598cf489958@[192.168.0.8]>

Mark Valence wrote:
> 
> Julio-
> 
> This parameter is used in a few places.  First, if is needed when
> checking "self" rights in ACLs.

Oh, yes, "self"...

We are paying a lot for this aren't we?  I mean, send_search_entry
is going to loop over every value at every search and each of these
calls is going over the whole ACL set just to get to the precise
same <who> term in the precise same <what> access clause just so
we can do "self"...  Not that is has been a cause for worry, but
seems an area for possible optimization.  Unless we find more use
for this, of course.  Anyway, it seems a little bit overkill for
searches.

Sorry, just disgressing, I am just trying to understand all this.

> Second, it is used in ACIs that
> control access to attributes with certain values.

I am not spending much time on ACIs for the time being.

Thanks for the info,

Julio

References:
- The value argument to access_allowed, acl_mask, etc.
  - From: Julio Sánchez Fernández <j_sanchez@stl.es>
- Re: The value argument to access_allowed, acl_mask, etc.
  - From: Mark Valence <kurash@sassafras.com>

Prev by Date: Using ldap_search() to export all users?
Next by Date: Re: The value argument to access_allowed, acl_mask, etc.
Index(es):
- Chronological
- Thread