[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3



Turbo Fredriksson wrote:

>> You should note some other odds in input/output, since
>> normalization/prettification is consistently used on ACI values.  You
>> might also notice some performance improvement, since now access
>> checking heavily relies on the presence of normalized values.
> 
> Sorry, but can you take that again, slower? :)

The point is that starting with re23, ACI values in the database are
assumed to be normalized.  When evaluating access checking, each value
is parsed under that assumption, so minimal consistency checking is
done.  This is supposed to:

- early detect inconsistencies; earlier, (almost) any value was accepted
without checks; errors would possibly be detected while evaluating
access, and values that couldn't be parsed would be sort of ignored

- reduce the effort required to evaluate access: DNs no longer need to
be normalized for __every__access control, and things like that

>> Normalization rules shouldn't have changed, so there should be no need
>> to dump/reload your database.
> 
> Between re22 and re23? Or re23 and re24?

between re23 and re23 after this fix.  If normalization rules change,
values that already are in the database, and are assumed to be fine, may
no longer be valid.  This would require a complete dump and reload of
the database to make sure that the new normalization rules are in
effect.  This should not be the case, since the change that's now in
re23 does not restrict the syntax; it actually looses it, so more values
are accepted, but resulting in the same normalized form.

Of course, as stated in the OpenLDAP license, you're on your own,
there's no warranty that no database reload is required ;).

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------