[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4781) optimize bind behavior in back-ldap when idassert is in use

Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: ando

When idassert is used with "override" (i.e. it occurs also when the instance of
back-ldap is the authorizing backend) and it is going to accept to authorize any
identity, there is no need to create/destroy a connection for each bind, since
subsequent operations will ever occur on the privileged, cached connection with
identity assertion.  So a separate cached connection is used only for binds,
which of course need to be serialized (i.e. wait for response before submitting
another one).  Here there's room for further optimization: in case the
connection is busy waiting for response, back-ldap can either wait or use a
temporary (the original behavior).  Further optimization will allow a pool of
dedicated connections to alleviate concurrency issues.

A patch is coming.