[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL performance again

To: stephan.siano@suse.de
Subject: Re: ACL performance again
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Mon, 28 Jan 2002 09:29:39 +0100 (MET)
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <20020128075239.21DD6F900@susefra1.fra.suse.de> from Stephan Siano at Jan "28," 2002 "08:45:37" am

> On Monday, 28. January 2002 07:04, Howard Chu wrote:
> > > -----Original Message-----
> > > From: owner-openldap-devel@OpenLDAP.org
> > > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Stephan Siano
> > >
> > > Good idea. Actually the only ACLs which are value dependant are
> > > access to ... by dnattr=... self... clauses (b->a_dn_at and b->a_dn_self
> > > are not NULL for one of the items in the acl_access list of the access
> > > control) and those containing ACIs. Both conditions could be evaluated in
> > > aclparse.c.
> >
> > Actually there's another case, ACL sets. Too bad there doesn't seem to be
> > an easy way to cache these, because they are value-dependent and can be
> > very complex and expensive to evaluate.
> 
> How do these ACL sets look? I couldn't find anything about it in the code. 
> The only places where the val parameter in acl_mask() is used are the two 
> cases mentioned above. 

There's no documentation about that, and reading the code seems not very
practical because it is quite involved.  I was trying to write a man
page; all the info you can get is from -devel:

http://www.openldap.org/lists/openldap-devel/200006/msg00005.html

Follow the entire thread by Mark Valence (maybe there's more in other 
threads) and I'm sure Mark, based on his spare time, will ask any
question :)

Pierangelo.

Follow-Ups:
- RE: ACL performance again
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- Re: ACL performance again
  - From: Stephan Siano <stephan.siano@suse.de>

Prev by Date: RE: ACL performance again
Next by Date: Re: ACL Performance (caching on object basis) (ITS#1523)
Index(es):
- Chronological
- Thread