[Date Prev][Date Next]
Re: Perfomance with ACLs
Mensaje citado por: "Kurt D. Zeilenga"
> At 06:59 PM 10/19/99 +0200, Joaquin Galeano wrote:
> >I'm trying to set up acls with our directory in order
to limit access to
> >administrators. The thing is that with those controls
we have a very
> >very bad performance. Is that normal?
> It's easy to write poorly performing access
> >Is there a way to reduce the performace lose?
> A few general hints:
> 1) combine rules
I have tried with only one rule. In this case, the rule
is exactly like the following:
access to dn="ou=suborg-1,o=org,c=ES"
by dn="cn=admin,ou=suborg-n,o=org,c=ES" write
With that only rule, the time it takes to get a full
listing of the entries under ou=suborg-1 is quite more
than the time it takes to return the list without the
> 2) use efficient regular expressions
I have also tried with other sintax but I got the same
> 3) avoid expensive acl features
I think the rule I set up is the simplest (isn't it?)
Perhaps is a matter of not listing all the entries: an
increment of the required time could be more
'affordable' in cases of searches, but it's only a
question of reducing the base time and the problem would
appear again with a hard use of the service.
> Also note that you might want to experiment with a
> regex library.
I read about using gnu regex library in the list
archive, but haven't still installed it (I thought I
wasn't using regular expressions, so I seemed of little
influence to me).
Thanks for your answer and thanks in advance for any