[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Question about ldap filter
Hallvard B Furuseth escribió:
> Jason Voorhees writes:
>> mmm, I'm planning to build something like this in /etc/saslauthd.conf:
>>
>> (&(mail=%U@%d)(|(&(objectClass=VirtualMailaccount)(accountActive=TRUE))(objectClass=VirtualMailAlias)))
>
> I don't know saslauthd, but: Will (mail=%U@%d) match at most one entry?
Yes, it always match only one entry per search operation.
> Then if you have an 'eq' index for 'mail', slapd won't need to compare
> more than one entry with the filter. Since the 'or' filter is inside
> the 'and', it won't be a problem in this repect.
>
Yes, I mantain 'eq' index for 'mail' atttributes.
>> that tries to locate two kind of entries:
>>
>> 1. mail=user@domain,vd=domain,o=hosting,dc=myldap,dc=com
>> (VirtualMailAccount)
>
> If you do a baseobject search at that baseDN, that's also just
> one entry to examine.
>
>> 2. cn=postmaster,vd=domain,o=hosting,dc=myldap,dc=com
>> (VirtualMailAlias)
>>
>> There could be hundreds or maybe thousand of entries of type (1), but
>> only 1 entry of type (2).
>
> If mail is indexed, that's fine.
>
>> The filter shown above is used to authenticate users trough saslauthd.
>> So 95% of times users authenticate using type (1), but sometimes I would
>> need to authenticate as 'postmaster' using type (2).
>>
>> I was worried about performance because using
>> (objectClass=VirtualMailAlias) with OR just for a unique account in my
>> domain.
>>
>> Would I get much better performance if remove
>> (objectClass=VirtualMailAlias) from the filter?
>> Do you believe that the performance impact will be big?
>
> No, not much.
>
Thanks a lot Hallvard, bytes! :)