
Re: slow search after putting in ACL.



> hello all,
>
> I noticed a performance hit after putting the following in my
> slapd.conf file:
>
> access to dn=".*,o=company.com" attr=userPassword
>         by dn="cn=Manager,o=company.com"
>         by self write
>         by * auth
>
> access to dn=".*,o=company.com"
>         by * read
>
> If I put the above and do a lookup/time..
> time ldapsearch -x -b 'o=company.com' "mail=*@mydomain.com"
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 12
> # numEntries: 11
>
> real    0m8.856s <=========
> user    0m0.000s
> sys     0m0.010s
>
> BUT if I remove the ACL this is what I get:
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 12
> # numEntries: 11
>
> real    0m0.255s <=========
> user    0m0.000s
> sys     0m0.000s
>
>
> I am just trying to make it when there is an anonymous bind not to release
> the encrypted password but allow the normal attributes like
> mail,mailMessageStore,homeDirectory,uid,mailQuota to be sent.
>
> Here are my specs:
>
> OS version:   Linux 2.4.22
> ldap version: OpenLDAP 2.1.25
> box:          (2) Intel Pentium III 800mhz
>               1gb RAM
>               100gb RAID5
> dn entries:   22,860
>
> Thank you for your time,

This is answered in slapd.access(5) in the "caveats" section,
in both 2.2 and 2.1 (at least latest 2.1, not sure about 2.1.25
which is now pretty old and outperformed by more recent releases).

See
http://www.openldap.org/software/man.cgi?query=slapd.access&apropos=0&sektion=0&manpath=OpenLDAP+2.1-Release&format=html

for details.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
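
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of two DN-matching styles for the `<what>` clause, assuming the `dn=".*,o=company.com"` value in the posted ACL is evaluated as an unanchored regular expression and comparing it with the `dn.subtree` style documented in slapd.access(5). The sample DNs are constructed, DN normalization and case handling are ignored, and the function names are hypothetical; the point is to see which entries fall in or out of scope before rewriting such a rule.

```python
import re

# <what> pattern copied from the ACL in the post, and the matching subtree base.
POSTED_PATTERN = r".*,o=company.com"
SUBTREE_BASE = "o=company.com"

# Constructed sample DNs (not taken from the poster's directory).
SAMPLE_DNS = [
    "o=company.com",
    "uid=jdoe,o=company.com",
    "uid=jdoe,ou=people,o=company.com",
    "uid=jdoe,o=company.com,o=other.example",
    "uid=jdoe,o=company-com",
    "uid=jdoe,o=company.community",
]


def regex_style_match(pattern, dn):
    """Assumed regex semantics: unanchored, so a hit anywhere in the DN counts."""
    return re.search(pattern, dn) is not None


def subtree_style_match(base, dn):
    """dn.subtree semantics: the base entry itself or anything beneath it."""
    return dn == base or dn.endswith("," + base)


def scope_differences(dns, pattern=POSTED_PATTERN, base=SUBTREE_BASE):
    """Return {dn: (regex_hit, subtree_hit)} for DNs where the two styles disagree."""
    diffs = {}
    for dn in dns:
        hits = (regex_style_match(pattern, dn), subtree_style_match(base, dn))
        if hits[0] != hits[1]:
            diffs[dn] = hits
    return diffs


if __name__ == "__main__":
    # Print only the DNs whose ACL scope changes between the two styles.
    for dn, (rx, sub) in scope_differences(SAMPLE_DNS).items():
        print(f"{dn:45} regex={rx!s:5} subtree={sub}")
```

In this model the base entry `o=company.com` is matched only by the subtree form, while the three DNs that merely contain a string matching the pattern are matched only by the regex form.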