Re: Performance of ACLs

[Iddyamadom Santhoshkumar <iskumar@yahoo.com>]

Hi

I tried adding index for "objectclass". Added
"eq,sub,pres" for "objectclass". It does not reduce
the search time and was accessing all the entries.

As part of testing, I added a "sub" index for "dn",
and it solved the problem. With that index, it
searches only from the base search path specified as
"-b" argument to ldapadd.

Is there a good documentation about how indexes work
in OpenLdap ? I am not able to find an explanation why
"sub" index causes the search to be done from Base
Search path. 

Another item that I wish to get some clarification.
Even after commenting out all the ACLs (anybody can
access anything), the log files (with loglevel 128)
shows that all the entries are checked for access
control. ( I could see lot of "access_allowed" etc in
the log. I did a search with a valid user/password)

Patrick/Mark. ThanX a lot for giving valid pointers.

ThanX
Santhosh

--- Mark Adamson <adamson@andrew.cmu.edu> wrote:
> 
> > Patrick,
> > 
> > ThanX for the reply. I tried your suggestion, but
> > it did not help. Still the search takes 18-19
> seconds.
> > 
> 
> 
> 
> Make sure you are indexing the "objectClass"
> attribute. If you don't, then
> the search has to frisk the whole database for
> referals that could point
> to search hits. Slapd will add a check for
> "objectClass=referal" to any
> search that does not specifically say "don't chase
> referals".
> 
>   -Mark Adamson
>    Carnegie Mellon
> 
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/