Jason Voorhees writes:
mmm, I'm planning to build something like this in /etc/saslauthd.conf:
(&(mail=%U@%d)(|(&(objectClass=VirtualMailaccount)(accountActive=TRUE))(objectClass=VirtualMailAlias)))
I don't know saslauthd, but: Will (mail=%U@%d) match at most one entry? Then if you have an 'eq' index for 'mail', slapd won't need to compare more than one entry with the filter. Since the 'or' filter is inside the 'and', it won't be a problem in this repect.
that tries to locate two kind of entries:
- mail=user@domain,vd=domain,o=hosting,dc=myldap,dc=com
(VirtualMailAccount)
If you do a baseobject search at that baseDN, that's also just one entry to examine.
- cn=postmaster,vd=domain,o=hosting,dc=myldap,dc=com
(VirtualMailAlias)
There could be hundreds or maybe thousand of entries of type (1), but only 1 entry of type (2).
If mail is indexed, that's fine.
The filter shown above is used to authenticate users trough saslauthd. So 95% of times users authenticate using type (1), but sometimes I would need to authenticate as 'postmaster' using type (2).
I was worried about performance because using (objectClass=VirtualMailAlias) with OR just for a unique account in my domain.
Would I get much better performance if remove (objectClass=VirtualMailAlias) from the filter? Do you believe that the performance impact will be big?
No, not much.