[Date Prev][Date Next] [Chronological] [Thread] [Top]

Performance of ACLs

To: openldap-software@OpenLDAP.org
Subject: Performance of ACLs
From: Iddyamadom Santhoshkumar <iskumar@yahoo.com>
Date: Tue, 17 Oct 2000 15:32:58 -0700 (PDT)

Hi

I am using OpenLdap 1.2.11 and having a problem due to

ACLs. 

The following command is issued to do an LDAP search

ldapsearch -D "uid=ouser,ou=People,o=company1,o=com"
-w testpassword -b "o=company1,o=com" "uid=*"

There are a few ACLs in slapd.conf. I was assuming
that those ACLs will validate entries under the base
search path (in this example, "o=company1,o=com").
There are only few entries under "o=company1,o=com"
(may be 20). But, it takes at least 18 seconds to
return the resuls. There are totally 6500 entries in
the directory. 

>From the ACL logs (syslog), I found that each and
every entry in the directory is accessed and that is
why it is taking long time. 

Is it a problem with the OpenLdap or is it designed
like that or is it a problem with my ACLs ? 

defaultaccess none
access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com" 
attrs=entry
       by dn="uid=[^,]+,ou=People,o=$1,o=com" read
access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com"
attrs=userpassword
       by self read
access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com"
       by dn="uid=[^,]+,ou=People,o=$1,o=com" read

I will be greatful for any feedback on this..

THanX in advance
Santhosh



__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/

Follow-Ups:
- Re: Performance of ACLs
  - From: Patrick Timmons <ptimmons@courriel.polymtl.ca>

Prev by Date: Re: graphical LDAP client
Next by Date: Re: Basic SASL setup instructions
Index(es):
- Chronological
- Thread