openldap-devel March 2007

openldap-devel@openldap.org

11 participants
13 discussions

filter preprocessing for performance improvement
by Eric Irrgang 05 Mar '07

05 Mar '07

I wonder if it might be reasonable for the slapd frontend to do some preprocessing of search filters to recognize no-ops and such. Most specifically, any search filter of the form (&(objectclass=*)(filter2)) can be reduced to (filter2), right? I have a problem in that the first time someone performs a search for 'objectclass=*' after slapd is restarted, the server is really bogged down for a while. Once the search has completed once, this is not a problem. I assume that's due to the IDL cache. However, I currently have to keep the server unavailable after restarting slapd for upwards of half an hour while I do an 'objectclass=*' search the first time. I suppose a followup might be some preevaluation of ACLs before performing easily-recognized searches. For instance, the backend should not have to cope with a search for objectclass=* if the user doesn't have read access to anything as is often the case with an anonymous bind. -- Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342

5 6

deprecated functions
by Quanah Gibson-Mount 02 Mar '07

02 Mar '07

I'm interested in updating Net::LDAPapi so that it no longer uses the deprecated C API. ldap.h is nicely commented on the replacement functions for just about all of the deprecated functions, except for: ldap_sort_entries ldap_sort_values ldap_sort_strcasecmp of which Net::LDAPapi only uses ldap_sort_entries. Is there a replacement function for this? If not, any thoughts on what the steps are to duplicate that functionality? Thanks, Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

2 2

Re: [Kerberos] Kerberos + OpenLDAP (fwd)
by Quanah Gibson-Mount 01 Mar '07

01 Mar '07

To keep OpenLDAP in on this loop... --Quanah ------------ Forwarded Message ------------ Date: Thursday, March 01, 2007 5:10 PM -0500 From: Sam Hartman <hartmans(a)mit.edu> To: Quanah Gibson-Mount <quanah(a)stanford.edu> Cc: Apache Directory Developers List <dev(a)directory.apache.org>, g.w(a)hurderos.org, krbdev(a)MIT.EDU Subject: Re: [Kerberos] Kerberos + OpenLDAP 1) I'd really like to see interested individuals work on the LDAP schema in the IETF. The effort has floundered for lack of people driving it. 2) I'd really love to see an ldap plugin that used some schema and called kadm5_* interfaces--I.E. a way to replace kadmind with openldap even in situations where the ldap kdb layer was not used. ---------- End Forwarded Message ---------- -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel March 2007