[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4781) optimize bind behavior in back-ldap when idassert is in use

To: openldap-its@OpenLDAP.org
Subject: (ITS#4781) optimize bind behavior in back-ldap when idassert is in use
From: ando@sys-net.it
Date: Sun, 17 Dec 2006 21:10:04 GMT

Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


When idassert is used with "override" (i.e. it occurs also when the instance of
back-ldap is the authorizing backend) and it is going to accept to authorize any
identity, there is no need to create/destroy a connection for each bind, since
subsequent operations will ever occur on the privileged, cached connection with
identity assertion.  So a separate cached connection is used only for binds,
which of course need to be serialized (i.e. wait for response before submitting
another one).  Here there's room for further optimization: in case the
connection is busy waiting for response, back-ldap can either wait or use a
temporary (the original behavior).  Further optimization will allow a pool of
dedicated connections to alleviate concurrency issues.

A patch is coming.

p.

Prev by Date: Re: (ITS#4780) ACL set memory leak
Next by Date: Re: (ITS#4585) slapd-search generates TIME_WAIT connections increasingly
Index(es):
- Chronological
- Thread