
RE: ACL performance again



I've added a pointer to the set syntax in the FAQ:

http://www.openldap.org/faq/data/cache/452.html

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org] On Behalf Of Pierangelo Masarati

>
> > On Monday, 28. January 2002 07:04, Howard Chu wrote:
> > > > -----Original Message-----
> > > > From: owner-openldap-devel@OpenLDAP.org
> > > > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Stephan Siano
> > > >
> > > > Good idea. Actually the only ACLs which are value-dependent are
> > > > access to ... by dnattr=... self... clauses (b->a_dn_at and b->a_dn_self
> > > > are not NULL for one of the items in the acl_access list of the access
> > > > control) and those containing ACIs. Both conditions could be evaluated in
> > > > aclparse.c.
> > >
> > > Actually there's another case, ACL sets. Too bad there doesn't seem to be
> > > an easy way to cache these, because they are value-dependent and can be
> > > very complex and expensive to evaluate.
> >
> > How do these ACL sets look? I couldn't find anything about it in the code.
> > The only places where the val parameter in acl_mask() is used are the two
> > cases mentioned above.
>
> There's no documentation about that, and reading the code seems not very
> practical because it is quite involved.  I was trying to write a man
> page; all the info you can get is from -devel:
>
> http://www.openldap.org/lists/openldap-devel/200006/msg00005.html
>
> Follow the entire thread by Mark Valence (maybe there's more in other
> threads) and I'm sure Mark, based on his spare time, will ask any
> question :)
>
> Pierangelo.
>