[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3



Turbo Fredriksson wrote:
Quoting Pierangelo Masarati <ando@sys-net.it>:

Turbo Fredriksson wrote:

You should note some other odds in input/output, since
normalization/prettification is consistently used on ACI values.  You
might also notice some performance improvement, since now access
checking heavily relies on the presence of normalized values.
Sorry, but can you take that again, slower? :)
The point is that starting with re23, ACI values in the database are
assumed to be normalized.  When evaluating access checking, each value
is parsed under that assumption, so minimal consistency checking is
done.

So in other words, I have to normalize the ACI's _before_ adding it to the database? Or is it done by slapadd/ldapadd/ldap_add()?

Normalization is done automatically by slapd, as it always has been. You don't have to do anything special. None of what was mentioned in these posts is user-visible, aside from the performance improvement.


- reduce the effort required to evaluate access: DNs no longer need to
be normalized for __every__access control, and things like that

Hmm... This sounds/looks like a contradiction... 'db is assumed to be normalized' and 'DNs no longer need to be normalized'... ?

In 2.0 and 2.1 normalized attribute values were only stored in memory, not saved to the database. So when an entry was freshly read from the DB, all of the normalization had to be repeated.


Since 2.2 the normalized values are stored in the database, so normalization only occurs once for any attribute (when its values are first input).


Btw, normalization, is that just lower-casing 'everything' and making
DN's 'correct' (no excess spaces etc)?

No. Normalization for an attribute depends on its syntax. Obviously values with case-sensitive syntaxes do not get lower-cased.


And again, these are internal implementation details, not user-visible. You should just forget you ever saw this part of the discussion.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/