Michael Ströder wrote:
Hi!
I'm currently trying to upgrade an OpenLDAP package for an openSUSE distribution.
The original package links slapd with libwrap which made sense in former times on systems without local host firewall mechanisms. If libwrap does not have a major performance impact I'd keep it that way just for the sake of backward compatibility.
But AFAICT if slapd is linked with libwrap the TCP wrapper is always asked whether a connection is allowed or not. One cannot disable it by slapd configuration.
So the question is: How big is the performance impact?
How much does it matter? libwrap has to fopen two files (/etc/hosts.allow and hosts.deny) and read their rules, every time a connection is received. That's pretty significant overhead, but if you're not receiving thousands of connections per second, it probably doesn't matter.
Ciao, Michael.