> This parameter is used in a few places. First, if is needed when
> checking "self" rights in ACLs.
Oh, yes, "self"...
We are paying a lot for this aren't we? I mean, send_search_entry
is going to loop over every value at every search and each of these
calls is going over the whole ACL set just to get to the precise
same <who> term in the precise same <what> access clause just so
we can do "self"... Not that is has been a cause for worry, but
seems an area for possible optimization. Unless we find more use
for this, of course. Anyway, it seems a little bit overkill for
searches.
Sorry, just disgressing, I am just trying to understand all this.
> Second, it is used in ACIs that
> control access to attributes with certain values.
I am not spending much time on ACIs for the time being.