Howard-
I read through your presentation "OpenLDAP Highlights for 2.4". Very informative, thanks. Now, a few questions:
1. re: "ldapadd performance". Can you briefly explain what exactly was done in "Optimized server and client in 2.4" to bring down the ldapadd time from 1:33:08 to 5:20. That's a huge a difference.
2. re: "The Road Ahead...", you note some useful configuration functionality, including: TLS certs as an LDAP object rather than as a file on disk, loadable modules as LDAP objects, and automatic creation of filesystem directories for DBs. Very cool.
I do wonder about putting loadable modules into the directory. First, let me preface this by saying that obviously an administrator needs to ensure that the proper access rights are given out. That said, isn't there a real risk of someone running evil code on the LDAP server by simply having the ability to add a loadable module object in the directory? (Yes, this same admin may be able to just delete entries anyway, but that's different to me than actually being able to run code that can hook into slapd.)
What is the driver for this developing this functionality?