[Date Prev][Date Next]
Re: ACIs and OL 2.3
Quoting Pierangelo Masarati <firstname.lastname@example.org>:
> Turbo Fredriksson wrote:
>>> You should note some other odds in input/output, since
>>> normalization/prettification is consistently used on ACI values. You
>>> might also notice some performance improvement, since now access
>>> checking heavily relies on the presence of normalized values.
>> Sorry, but can you take that again, slower? :)
> The point is that starting with re23, ACI values in the database are
> assumed to be normalized. When evaluating access checking, each value
> is parsed under that assumption, so minimal consistency checking is
So in other words, I have to normalize the ACI's _before_ adding it to
the database? Or is it done by slapadd/ldapadd/ldap_add()?
> - reduce the effort required to evaluate access: DNs no longer need to
> be normalized for __every__access control, and things like that
Hmm... This sounds/looks like a contradiction... 'db is assumed to be normalized'
and 'DNs no longer need to be normalized'... ?
Btw, normalization, is that just lower-casing 'everything' and making
DN's 'correct' (no excess spaces etc)?