[Date Prev][Date Next]
Re: [Fwd: Re: running out of file descriptors]
- To: Howard Chu <firstname.lastname@example.org>
- Subject: Re: [Fwd: Re: running out of file descriptors]
- From: Pierangelo Masarati <email@example.com>
- Date: Tue, 23 Nov 2004 21:10:35 +0100
- Cc: openldap-devel@OpenLDAP.org
- Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=QLXu5mo0/JQ+4ZfrfplzTvb6+9hhOMmWirh/IWz3jx2MofC4YXJM+7wYF6EB7khSk wCUoDY0InWtx4Nf+PwwiQ==
- References: <41A2A460.firstname.lastname@example.org>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Howard Chu wrote:
re: ACL regex behavior - was this change a mistake? Seems to be rather
-------- Original Message --------
Date: Tue, 23 Nov 2004 13:05:18 +1100 (EST)
From: Dave Horsfall <email@example.com>
To: OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: Re: running out of file descriptors
An upgrade and defining "idletimeout" in slapd.conf will fix this
Note that a 2.0 to 2.2 upgrade is not trivial.
But it can be done with a bit of preparation.
The other main thing is that ACLs have changed; pattern matches need to
change to 'access to dn.regex="^uid=.*,dc=.*,dc=cordoors,dc=com$"' etc.
It was intended, and there was a brief discussion. To make it short,
making "regex" the default was seen as not ggod because (a) dangerous
when people write regexes without all the due care (b) error-prone
because leading to excessive use where not strictly required. I was in
favour of disallowing default at all, __REQUIRING__ a style
specificatior to be used all times, to further avoid confusion. I still
think that would be the best, because it would break existing
configurations once for all and require most system administrators to
think if they really require those ACLs to be written that way.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497