Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando
When idassert is used with "override" (i.e. it also occurs when the instance of back-ldap is the authorizing backend) and it is going to agree to authorize any identity, there is no need to create/destroy a connection for each bind, since subsequent operations will always occur on the privileged, cached connection with identity assertion. So a separate cached connection is used only for binds, which of course need to be serialized (i.e. wait for the response before submitting another one). Here there's room for further optimization: in case the connection is busy waiting for a response, back-ldap can either wait or use a temporary one (the original behavior). Further optimization will allow a pool of dedicated connections to alleviate concurrency issues.
A patch is coming.
p.
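
The connection policy described in this report, as an added Python model that is not part of the original submission and is not back-ldap code: one cached connection reserved for binds, serialized with a lock, falling back to a create/destroy temporary connection when the cached one is busy. `BindConnPolicy`, `FakeConn`, `wait_if_busy` and the sample DN and password are hypothetical names and constructed data; operations on the privileged idassert connection are not modeled.

```python
import threading

class FakeConn:
    """Constructed stand-in for a connection to the remote server."""
    USERS = {"uid=alice,dc=example,dc=com": "s3cret"}  # constructed sample data

    def bind(self, dn, password):
        return self.USERS.get(dn) == password

    def close(self):
        pass

class BindConnPolicy:
    """Hypothetical model: one cached connection used only for binds."""

    def __init__(self, open_conn, wait_if_busy=False):
        self._open_conn = open_conn        # factory for new connections
        self._wait_if_busy = wait_if_busy  # wait for the cached one, or fall back
        self._lock = threading.Lock()      # one bind in flight at a time
        self._cached = None
        self.opened = 0                    # how many connections were created

    def _new(self):
        self.opened += 1
        return self._open_conn()

    def bind(self, dn, password):
        """Return (bind_ok, which_connection_was_used)."""
        if self._lock.acquire(blocking=self._wait_if_busy):
            try:
                if self._cached is None:
                    self._cached = self._new()
                return self._cached.bind(dn, password), "cached"
            finally:
                self._lock.release()
        conn = self._new()                 # busy: create/destroy one for this bind
        try:
            return conn.bind(dn, password), "temporary"
        finally:
            conn.close()

def demo():
    alice = "uid=alice,dc=example,dc=com"
    p = BindConnPolicy(FakeConn)
    r1 = p.bind(alice, "s3cret")
    r2 = p.bind(alice, "wrong")
    with p._lock:                          # simulate a bind still awaiting its response
        r3 = p.bind(alice, "s3cret")
    return r1, r2, r3, p.opened
```

In the model, the cached connection carries whatever identity was bound last, so it is kept apart from the connection that serves operations.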