Re: ACL Performance (caching on object basis) (ITS#1523)

[Stephan Siano <stephan.siano@suse.de>]

Hi,
I just uploaded the updated version of the patch to  
ftp://ftp.openldap.org/incoming/stephan-siano-20020201.patch, however it 
seems that I'm not able (not permitted or to dumb) to update the ITS.

The acl_cache struct remains there (but has a completely changed function) 
because the last evaluated attribute is stored here, now and access_allowed 
will evaluate whether the access control is value independant and return the 
access if the same attribute was called before (with no or a different value) 
as proposed by Kurt. This keeps the intrusion into the application logic 
outside acl.c to a minimum (add a paramter (NULL or a pointer to a pointer to 
an acl_cache struct), call slap_acl_cache_init() to initialize and 
slap_acl_cache_destroy() to destroy the cache.)

I don't handle failed mallocs (mainly because I didn't want to introduce the 
first code that doesn't use ch_malloc(), however the code in access_allowed 
can handle if the cache is a NULL pointer (so the error handler on a failed 
malloc would be to destroy the whole cache and proceed). I don't think this 
would make exceedingly much sense, since if slapd runs out of memory the 
little amount used for the acl_cache stuff won't save it.

Yours
Stephan Siano

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn