[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs based on attributes?

To: openldap-technical@openldap.org
Subject: Re: ACLs based on attributes?
From: Jaap Winius <jwinius@umrk.nl>
Date: Mon, 01 Feb 2010 18:06:48 +0100
Cc: Dieter Kluenter <dieter@dkluenter.de>, Howard Chu <hyc@symas.com>
Content-disposition: inline
In-reply-to: <871vh5ym7r.fsf@rubin.avci.de>
References: <20100131010132.mt6mxu5o88xco440@www.umrk.nl> <87ljfelldy.fsf@rubin.avci.de> <20100131191207.vscokx4vl81wkgkg@www.umrk.nl> <0C0E6F46B05952CDC1ADD5F6@[192.168.1.2]> <CA7C716EA83297CEDF0C378E@[192.168.1.2]> <20100131232254.xvrzz17d9a684o8g@www.umrk.nl> <87636hzaf3.fsf@rubin.avci.de> <20100201155141.ycwnao1ipnhcgg8w@www.umrk.nl> <871vh5ym7r.fsf@rubin.avci.de>
User-agent: Internet Messaging Program (IMP) H3 (4.1.5)

Quoting Dieter Kluenter <dieter@dkluenter.de>:

   description: titlemanager telephonemanager addressmanager


This is a single value, you actually want a multi valued attribute type.


Doh!

Did you define an index for description? ...


No, but that sounds like a good idea.

Quoting Howard Chu <hyc@symas.com>:

It is unnecessary. The description attribute is multivalued, just use
it correctly.


Doh!

Okay, then the set rule is obviously fine the way it is.

I'll also note that using a set for this purpose is still inferior
to using a dynamic group, in terms of performance. Dynamic group
evaluations are cached, sets are not.

If this "set" solution were to be used on a DIT with 100,000 entries,would it really slow things down significantly, assuming thedescription attribute was indexed?


Thanks,

Jaap

References:
- Re: ACLs based on attributes?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: ACLs based on attributes?
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: ACLs based on attributes?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: ACLs based on attributes?
Next by Date: Re: refint overlay don't works as expected
Index(es):
- Chronological
- Thread