[Date Prev][Date Next]
(ITS#4781) optimize bind behavior in back-ldap when idassert is in use
Full_Name: Pierangelo Masarati
Submission from: (NULL) (18.104.22.168)
Submitted by: ando
When idassert is used with "override" (i.e. it occurs also when the instance of
back-ldap is the authorizing backend) and it is going to accept to authorize any
identity, there is no need to create/destroy a connection for each bind, since
subsequent operations will ever occur on the privileged, cached connection with
identity assertion. So a separate cached connection is used only for binds,
which of course need to be serialized (i.e. wait for response before submitting
another one). Here there's room for further optimization: in case the
connection is busy waiting for response, back-ldap can either wait or use a
temporary (the original behavior). Further optimization will allow a pool of
dedicated connections to alleviate concurrency issues.
A patch is coming.