[Date Prev][Date Next]
Re: ACL performance again
On Monday, 28. January 2002 07:04, Howard Chu wrote:
> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Stephan Siano
> > Good idea. Actually the only ACLs which are value dependant are
> > access to ... by dnattr=... self... clauses (b->a_dn_at and b->a_dn_self
> > are not NULL for one of the items in the acl_access list of the access
> > control) and those containing ACIs. Both conditions could be evaluated in
> > aclparse.c.
> Actually there's another case, ACL sets. Too bad there doesn't seem to be
> an easy way to cache these, because they are value-dependent and can be
> very complex and expensive to evaluate.
How do these ACL sets look? I couldn't find anything about it in the code.
The only places where the val parameter in acl_mask() is used are the two
cases mentioned above.
Note that some ACLs depend on some attribute values but need not be
consindered as value dependant in this context (e.g. normal by dnattr= ACLs
(without self) because even though they depend on the value of an attribute
in the entry they are valid for the whole entry and not for single values.
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607