Re: Move From Redhat 7.3 to redhat ES 3.0
* Simon Oliver
|
| Can you give examples of the acls that caused problems so that we
| can avoid them too?
No, they are too stupid to post in public :-)
I used acls to allow connection only from some hosts with this rule:
    access to *
        by self read
        by peername.regex="^IP=10\.0\.0\.(31|32|38|54|56|62|78|82|83|88|90|91|93|96|97|99|101|103|105|106|107|108|109|110|111|112|113|115|116|117|119|120|122|123|124|125|126|129|141|142|143|144|144|145).*" read
        by * none
That was not clever. When I changed to:
    access to *
        by * read
this simple search:
    $ ldapsearch -ZZ -LLL -x -h ldapserver.invalid \(uid=\*\) cn
was about 5 times faster.
The simple lesson is to watch your acls if you have a performance
problem.
BTW: I am now using tcp_wrappers to achieve the same access policy.
- Terje
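
An added example, not part of the original post: one way to carry the host list from the peername.regex ACL above over to tcp_wrappers and check that the two policies agree for every address in 10.0.0.0/24. The daemon name "slapd", the hosts.allow/hosts.deny layout, the helper names and the sample client port are assumptions.

```python
import re

# The peername pattern from the ACL in the post, joined onto one line.
ACL_REGEX = (r"^IP=10\.0\.0\.(31|32|38|54|56|62|78|82|83|88|90|91|93|96|97|99"
             r"|101|103|105|106|107|108|109|110|111|112|113|115|116|117|119"
             r"|120|122|123|124|125|126|129|141|142|143|144|144|145).*")

def allowed_hosts(acl_regex):
    """Extract the addresses a '^IP=a\\.b\\.c\\.(x|y|...).*' pattern allows."""
    m = re.fullmatch(r"\^IP=((?:\d+\\\.){3})\(([\d|]+)\)\.\*", acl_regex)
    if m is None:
        raise ValueError("not a fixed /24 prefix plus an octet alternation")
    prefix = m.group(1).replace("\\.", ".")
    octets = sorted({int(o) for o in m.group(2).split("|")})  # drops duplicates
    return [prefix + str(o) for o in octets]

def hosts_allow_rule(hosts, daemon="slapd"):
    """hosts.allow line; daemon name is an assumption about the slapd build."""
    return f"{daemon}: {' '.join(hosts)}"

def hosts_deny_rule(daemon="slapd"):
    """Matching hosts.deny line so unlisted clients are refused."""
    return f"{daemon}: ALL"

def same_decision(acl_regex, hosts, peername):
    """True if the regex and the exact host list agree for one peername."""
    by_regex = re.search(acl_regex, peername) is not None
    ip = peername[len("IP="):].rsplit(":", 1)[0]
    return by_regex == (ip in set(hosts))

def mismatches(acl_regex, hosts, port=40000):
    """Last octets (0-255) where the two policies disagree.

    Peername strings are constructed as 'IP=<addr>:<port>'; the port is a
    made-up client port.
    """
    prefix = hosts[0].rsplit(".", 1)[0]
    return [n for n in range(256)
            if not same_decision(acl_regex, hosts, f"IP={prefix}.{n}:{port}")]

if __name__ == "__main__":
    hosts = allowed_hosts(ACL_REGEX)
    print("# /etc/hosts.allow")
    print(hosts_allow_rule(hosts))
    print("# /etc/hosts.deny")
    print(hosts_deny_rule())
    print("disagreements:", mismatches(ACL_REGEX, hosts))
```

tcp_wrappers refuses the connection before any bind happens, so the `by self read` clause that the ACL granted to clients on unlisted hosts has no equivalent in the generated rules.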