[Date Prev][Date Next] [Chronological] [Thread] [Top]

"OpenLDAP 2.4 Highlights for 2.4" presentation


I read through your presentation "OpenLDAP Highlights for 2.4". Very
informative, thanks. Now, a few questions:

1. re: "ldapadd performance". Can you briefly explain what exactly was
done in "Optimized server and client in 2.4" to bring down the ldapadd
time from 1:33:08 to 5:20. That's a huge a difference.

2. re: "The Road Ahead...", you note some useful configuration
functionality, including: TLS certs as an LDAP object rather than as a
file on disk, loadable modules as LDAP objects, and automatic creation
of filesystem directories for DBs. Very cool.

I do wonder about putting loadable modules into the directory. First,
let me preface this by saying that obviously an administrator needs to
ensure that the proper access rights are given out. That said, isn't
there a real risk of someone running evil code on the LDAP server by
simply having the ability to add a loadable module object in the
directory? (Yes, this same admin may be able to just delete entries
anyway, but that's different to me than actually being able to run code
that can hook into slapd.)

What is the driver for this developing this functionality?

Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414

Author, "Best Practices for Managing Linux and UNIX Servers"

Identity Management, LDAP, and Linux Integration