Michael Ströder wrote:
Hi!
I'm currently trying to upgrade an OpenLDAP package for an openSUSE distribution.
The original package links slapd with libwrap which made sense in former times
on systems without local host firewall mechanisms.
If libwrap does not have a major performance impact I'd keep it that way just
for the sake of backward compatibility.
But AFAICT if slapd is linked with libwrap the TCP wrapper is always asked
whether a connection is allowed or not. One cannot disable it by slapd
configuration.
So the question is: How big is the performance impact?
How much does it matter? libwrap has to fopen two files
(/etc/hosts.allow and hosts.deny) and read their rules, every time a
connection is received. That's pretty significant overhead, but if
you're not receiving thousands of connections per second, it probably
doesn't matter.
Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/