[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Performance considerations in a possible LDAP ACM implementation

To: Purushottam Goel <pgoel@aztec.soft.net>, ietf-ldapext@netscape.com
Subject: Re: Performance considerations in a possible LDAP ACM implementation
From: Bruce Greenblatt <bgreenblatt@directory-applications.com>
Date: Thu, 09 Aug 2001 07:24:02 -0700
In-reply-to: <D20F6B8B9213D51192BE00B0D020DC28FCDB09@MAYA>

I disagree. All LDAP servers that I know have an existing access control model that they implement. This is an attempt to have the different LDAP servers use a common mechanism.

Bruce

At 06:52 PM 8/9/01 +0530, Purushottam Goel wrote:

Hi All,

Looking at the complexity in v8 if the ACM for LDAPv3, it seems that there
would be significant performance hits that LDAP servers will face vis-à-vis
the current situation where there is no ACM at all. The examples in section
4.3.5 illustrate the amount of computations and lookups that need to be done
just to discover if a subject is allowed an operation or not.

I feel that the biggest performance issue will be in step 1 of Phase 1 (in
section 4.3.4), where the ACM module will have to determine all the
subtreeACI values that apply to the targetEntry.

Any ideas/inputs on possible implementation strategies to overcome the
performance devil are welcome.

_Puru


==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com

References:
- Performance considerations in a possible LDAP ACM implementation
  - From: Purushottam Goel <pgoel@aztec.soft.net>

Prev by Date: Performance considerations in a possible LDAP ACM implementation
Next by Date: FWD:SEARCH ENGINE TRAFFIC NOW
Index(es):
- Chronological
- Thread