Full_Name: Stefanos Stamatis Version: 2.4.11 OS: Solaris URL: ftp://ftp.openldap.org/incoming/stefanos-stamatis-080801.diff Submission from: (NULL) (195.134.100.30)

The function 'aci_mask' in servers/slapd/aci.c will evaluate the type and subject part of an ACI even if the 'action;rights;attr;' part of the ACI does not apply. This is bad for performance, especially if the subject is a set which dereferences the objects 'user' or 'this'. The referenced patch solves this issue by fixing 'aci_list_get_rights' to return 0 if the returned mask does not effect a change.