On 8/13/21 1:51 AM, Howard Chu wrote: > Michael Ströder wrote: >> HI! >> >> Frankly I forgot whether I asked this before: >> >> Let there be ACLs with dn.regex="..", attrs=foo,bar and val.regex=".." >> in the <what> clauses. >> >> Obviously depending on complexity of regex-pattern and length of DNs / >> avals the regex checking is more expensive than equality checking of attrs=. >> >> Can I improve ACL performance by order of <what> clauses or are they >> processed in fixed order anyway? If in fixed order, which one? > > The order is fixed, in order of increasing granularity. DN first, > attribute next, value-specific last.
Is this order implemented in function slap_acl_get() in acl.c? The last seems to be filter= after val=. Right? > That is the only order that makes logical sense. Why? IMHO attrs= should be checked first because dn.regex=".." val.regex=".." filter=".." are all potentially way more CPU-intensive than checking attrs= against a simple hash-map. Ciao, Michael.
