[Date Prev][Date Next] [Chronological] [Thread] [Top]

slow search after putting in ACL.

To: OpenLDAP-software@OpenLDAP.org
Subject: slow search after putting in ACL.
From: bluefeather@logixonline.com
Date: Sun, 27 Jun 2004 15:52:24 -0500 (CDT)
Importance: Normal
User-agent: Mail/1.4.2

hello all,

I noticed a performance hit after putting putting the following in my
slapd.conf file:

access to dn=".*,o=company.com" attr=userPassword
        by dn="cn=Manager,o=company.com"
        by self write
        by * auth

access to dn=".*,o=company.com"
        by * read

If I put the above and do a lookup/time..
time ldapsearch -x -b 'o=company.com' "mail=*@mydomain.com"

# search result
search: 2
result: 0 Success

# numResponses: 12
# numEntries: 11

real    0m8.856s <=========
user    0m0.000s
sys     0m0.010s

BUT if I remove the ACL this is what I get:

# search result
search: 2
result: 0 Success

# numResponses: 12
# numEntries: 11

real    0m0.255s <=========
user    0m0.000s
sys     0m0.000s


I am just trying to make it when there is an anonymous bind not to release
the encrypted password but allow the normal attributes like
mail,mailMessageStore,homeDirectory,uid,mailQuota to be sent.

Here are my specs:

OS version:   Linux 2.4.22
ldap version: OpenLDAP 2.1.25
box:          (2) Intel Pentium III 800mhz
              1gb RAM
              100gb RAID5
dn entries:   22,860

Thank you for your time,
bluefeather

Follow-Ups:
- Re: slow search after putting in ACL.
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: upper limit to db size
Next by Date: Re: slow search after putting in ACL.
Index(es):
- Chronological
- Thread