Jason Voorhees writes:
mmm, I'm planning to build something like this in
/etc/saslauthd.conf:
(&(mail=%U@%d)(|(&(objectClass=VirtualMailaccount)(accountActive=TRUE))(objectClass=VirtualMailAlias)))
I don't know saslauthd, but: Will (mail=%U@%d) match at most one entry?
Then if you have an 'eq' index for 'mail', slapd won't need to
compare
more than one entry with the filter. Since the 'or' filter is inside
the 'and', it won't be a problem in this repect.
that tries to locate two kind of entries:
1. mail=user@domain,vd=domain,o=hosting,dc=myldap,dc=com
(VirtualMailAccount)
If you do a baseobject search at that baseDN, that's also just
one entry to examine.
2. cn=postmaster,vd=domain,o=hosting,dc=myldap,dc=com
(VirtualMailAlias)
There could be hundreds or maybe thousand of entries of type (1), but
only 1 entry of type (2).
If mail is indexed, that's fine.
The filter shown above is used to authenticate users trough
saslauthd.
So 95% of times users authenticate using type (1), but sometimes I would
need to authenticate as 'postmaster' using type (2).
I was worried about performance because using
(objectClass=VirtualMailAlias) with OR just for a unique account in my
domain.
Would I get much better performance if remove
(objectClass=VirtualMailAlias) from the filter?
Do you believe that the performance impact will be big?
No, not much.
--
Hallvard