No they are not. Index lookups are cached by the IDL cache; that has nothing to do with ACL evaluation.As a curiosity, servers matched by the first rules are about 5 or 6 timesACL evaluation results are stored in the idl cache, so the more a given rule is exercised, the quicker the result sets to that rule should be, if you have a good idl cache setting.
faster to response than servers matched by last rules. I thought that
the ACL evaluation time will be uniform because the whole set of rules
would be evaluated. this makes sense to someone?
This give me an extra advantage because I can sort the most important servers first to grant a fast response to critical apps.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/