Quoting Pierangelo Masarati ando@sys-net.it:
Turbo Fredriksson wrote:
You should note some other odds in input/output, since normalization/prettification is consistently used on ACI values. You might also notice some performance improvement, since now access checking heavily relies on the presence of normalized values.
Sorry, but can you take that again, slower? :)
The point is that starting with re23, ACI values in the database are assumed to be normalized. When evaluating access checking, each value is parsed under that assumption, so minimal consistency checking is done.
So in other words, I have to normalize the ACI's _before_ adding it to the database? Or is it done by slapadd/ldapadd/ldap_add()?
- reduce the effort required to evaluate access: DNs no longer need to
be normalized for __every__access control, and things like that
Hmm... This sounds/looks like a contradiction... 'db is assumed to be normalized' and 'DNs no longer need to be normalized'... ?
Btw, normalization, is that just lower-casing 'everything' and making DN's 'correct' (no excess spaces etc)?