[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3



Quoting Pierangelo Masarati <ando@sys-net.it>:

> Turbo Fredriksson wrote:
>
>>> You should note some other odds in input/output, since
>>> normalization/prettification is consistently used on ACI values.  You
>>> might also notice some performance improvement, since now access
>>> checking heavily relies on the presence of normalized values.
>> 
>> Sorry, but can you take that again, slower? :)
>
> The point is that starting with re23, ACI values in the database are
> assumed to be normalized.  When evaluating access checking, each value
> is parsed under that assumption, so minimal consistency checking is
> done.

So in other words, I have to normalize the ACI's _before_ adding it to
the database? Or is it done by slapadd/ldapadd/ldap_add()?

> - reduce the effort required to evaluate access: DNs no longer need to
> be normalized for __every__access control, and things like that

Hmm... This sounds/looks like a contradiction... 'db is assumed to be normalized'
and 'DNs no longer need to be normalized'... ?

Btw, normalization, is that just lower-casing 'everything' and making
DN's 'correct' (no excess spaces etc)?