filter preprocessing for performance improvement
by Eric Irrgang
I wonder if it might be reasonable for the slapd frontend to do some
preprocessing of search filters to recognize no-ops and such. Most
specifically, any search filter of the form (&(objectclass=*)(filter2))
can be reduced to (filter2), right?
I have a problem in that the first time someone performs a search for
'objectclass=*' after slapd is restarted, the server is really bogged down
for a while. Once the search has completed once, this is not a problem.
I assume that's due to the IDL cache. However, I currently have to keep
the server unavailable after restarting slapd for upwards of half an hour
while I do an 'objectclass=*' search the first time.
I suppose a followup might be some preevaluation of ACLs before performing
easily-recognized searches. For instance, the backend should not have to
cope with a search for objectclass=* if the user doesn't have read access
to anything as is often the case with an anonymous bind.
--
Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342
16 years, 3 months
deprecated functions
by Quanah Gibson-Mount
I'm interested in updating Net::LDAPapi so that it no longer uses the
deprecated C API. ldap.h is nicely commented on the replacement functions
for just about all of the deprecated functions, except for:
ldap_sort_entries
ldap_sort_values
ldap_sort_strcasecmp
of which Net::LDAPapi only uses ldap_sort_entries.
Is there a replacement function for this? If not, any thoughts on what the
steps are to duplicate that functionality?
Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
16 years, 3 months
Re: [Kerberos] Kerberos + OpenLDAP (fwd)
by Quanah Gibson-Mount
To keep OpenLDAP in on this loop...
--Quanah
------------ Forwarded Message ------------
Date: Thursday, March 01, 2007 5:10 PM -0500
From: Sam Hartman <hartmans(a)mit.edu>
To: Quanah Gibson-Mount <quanah(a)stanford.edu>
Cc: Apache Directory Developers List <dev(a)directory.apache.org>,
g.w(a)hurderos.org, krbdev(a)MIT.EDU
Subject: Re: [Kerberos] Kerberos + OpenLDAP
1) I'd really like to see interested individuals work on the LDAP schema in
the IETF. The effort has floundered for lack of people driving it.
2) I'd really love to see an ldap plugin that used some schema and
called kadm5_* interfaces--I.E. a way to replace kadmind with
openldap even in situations where the ldap kdb layer was not used.
---------- End Forwarded Message ----------
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
16 years, 3 months
