On Thu, 2005-12-15 at 11:39 -0800, Quanah Gibson-Mount wrote: > > --On Wednesday, December 14, 2005 12:42 AM +0100 Pierangelo Masarati > <[EMAIL PROTECTED]> wrote: > > > I vote for disabling ACL state for value-dependent ACLs. > > What is the overall effect of doing so? Assuming of course that ACL > caching actually worked in 2.(2,3)...
As far as I understand, ACL state caching works like this: when an attribute is accessed, slapd checks access to all its values; to do this, the access_allowed() func is called once for each value. If no value-dependednt access rule is used, preserving the state saves the <what> and <who> lookup after the first invocation. I don't quite understand how it's supposed to work when access rules are found that depend on the value passed in. In any case, for non-value dependent ACLs, state saving can be a significant advantage when checking access to long arrays of values (e.g. group members), so I'd go for this, reworking or, at worst, discarding it for value-dependent cases. p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
