[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Performance of ACLs

To: ptimmons@courriel.polymtl.ca
Subject: Re: Performance of ACLs
From: Iddyamadom Santhoshkumar <iskumar@yahoo.com>
Date: Wed, 18 Oct 2000 07:37:08 -0700 (PDT)
Cc: openldap-software@OpenLDAP.org

Patrick,

ThanX for the reply. I tried your suggestion, but
it did not help. Still the search takes 18-19 seconds.

Santhosh

--- Patrick Timmons <ptimmons@courriel.polymtl.ca>
wrote:
> Do you have a 'presence index' (and maybe a
> substring index) for the uid
> attribute ? If you don't, slapd must look at each
> entry just to see if the entry
> contains a uid attribute. 
> 
> Iddyamadom Santhoshkumar wrote:
> > 
> > Hi
> > 
> > I am using OpenLdap 1.2.11 and having a problem
> due to
> > 
> > ACLs.
> > 
> > The following command is issued to do an LDAP
> search
> > 
> > ldapsearch -D
> "uid=ouser,ou=People,o=company1,o=com"
> > -w testpassword -b "o=company1,o=com" "uid=*"
> > 
> > There are a few ACLs in slapd.conf. I was assuming
> > that those ACLs will validate entries under the
> base
> > search path (in this example, "o=company1,o=com").
> > There are only few entries under
> "o=company1,o=com"
> > (may be 20). But, it takes at least 18 seconds to
> > return the resuls. There are totally 6500 entries
> in
> > the directory.
> > 
> > >From the ACL logs (syslog), I found that each and
> > every entry in the directory is accessed and that
> is
> > why it is taking long time.
> > 
> > Is it a problem with the OpenLdap or is it
> designed
> > like that or is it a problem with my ACLs ?
> > 
> > defaultaccess none
> > access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com"
> > attrs=entry
> >        by dn="uid=[^,]+,ou=People,o=$1,o=com" read
> > access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com"
> > attrs=userpassword
> >        by self read
> > access to dn="uid=[^,]+,ou=People,o=([^,]+),o=com"
> >        by dn="uid=[^,]+,ou=People,o=$1,o=com" read
> > 
> > I will be greatful for any feedback on this..
> > 
> > THanX in advance
> > Santhosh
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Messenger - Talk while you surf!  It's
> FREE.
> > http://im.yahoo.com/
> 
> -- 
> Patrick Timmons, service informatique


__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/

Follow-Ups:
- Re: Performance of ACLs
  - From: Mark Adamson <adamson@andrew.cmu.edu>

Prev by Date: Re: Multiple values for attributes
Next by Date: Re: Performance of ACLs
Index(es):
- Chronological
- Thread