[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3

Turbo Fredriksson wrote:
Quoting Pierangelo Masarati <ando@sys-net.it>:

Turbo Fredriksson wrote:

You should note some other odds in input/output, since
normalization/prettification is consistently used on ACI values.  You
might also notice some performance improvement, since now access
checking heavily relies on the presence of normalized values.
Sorry, but can you take that again, slower? :)
The point is that starting with re23, ACI values in the database are
assumed to be normalized.  When evaluating access checking, each value
is parsed under that assumption, so minimal consistency checking is

So in other words, I have to normalize the ACI's _before_ adding it to the database? Or is it done by slapadd/ldapadd/ldap_add()?

They are normalized by the write process; you supply them as you like, and slapd normalizes them as appropriate. You don't need to know anything about normalization.

- reduce the effort required to evaluate access: DNs no longer need to
be normalized for __every__access control, and things like that

Hmm... This sounds/looks like a contradiction... 'db is assumed to be normalized' and 'DNs no longer need to be normalized'... ?

Only to a careless reader. If ACI values are stored without normalization, portions of them that require normalization to be compared, like DNs, have to be normalized __each time they're used__.

On the contrary, if ACI values (actually, components that need normalization) are normalized when written, their use does not require any further action.

Btw, normalization, is that just lower-casing 'everything' and making
DN's 'correct' (no excess spaces etc)?

Normalization is anything required by the equality matchingRule defined for an attribute, if any. You don't need to care about that.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it