Commit Graph

2226 Commits

Author SHA1 Message Date
Kurt Zeilenga
fb852d7d80 comment out inetLocalMailReciepent as it has no assigned OID 2001-09-18 17:52:43 +00:00
Howard Chu
6b9b0660c9 Fix ITS#1213, OID macro parsing in attributetypes 2001-09-18 11:30:00 +00:00
Kurt Zeilenga
7a18352c06 Patch for SASL EXTERNAL. Needs to be tested with other mechanisms. 2001-09-18 07:44:18 +00:00
Howard Chu
bb06fd8d6b Fix crashes for SASL/EXTERNAL binds:
in slap_sasl_getdn, test id, not dn. dn is still NULL
  also, don't check for trailing slash
  in slap_sasl_bind, initialize reslen to 0
2001-09-18 03:10:05 +00:00
Kurt Zeilenga
d05e6af326 Clean up include logging 2001-09-17 22:38:52 +00:00
Kurt Zeilenga
baa49e18de Back out ManageDsaIt change. 2001-09-16 22:03:38 +00:00
Kurt Zeilenga
dba27a3a17 Minor cleanup 2001-09-16 22:02:50 +00:00
Kurt Zeilenga
2d5a817288 Remove lint 2001-09-16 22:00:53 +00:00
Pierangelo Masarati
8a78d022bc cleanup and cast of logs 2001-09-13 21:30:44 +00:00
Kurt Zeilenga
4039648a2e Use time_t not char * to represent timestamps.
Fixes billionth second since epoch bug.
2001-09-09 21:16:17 +00:00
Kurt Zeilenga
09a7bd4331 Clean up asserts, should assert desc != NULL instead of attr != NULL 2001-09-09 18:58:54 +00:00
Kurt Zeilenga
0a155934ab Add root DSE supportedFeatures support. 2001-09-09 04:01:07 +00:00
Kurt Zeilenga
82a4f473ce Update 'invalid data' error message. 2001-09-08 03:55:41 +00:00
Kurt Zeilenga
a8b7e93ef4 Add referral scope checks (ITS#1289) from dshriver@sharemedia.com 2001-09-08 02:37:02 +00:00
Kurt Zeilenga
cd51428dbe Add IDL debugging code from SuSE. 2001-09-07 21:58:31 +00:00
Dmitry Kovalev
358835218a finish the prefious fixes... it is really hard to commit a truly good patch without even a chance to check if it is compilable ;) 2001-09-07 18:50:52 +00:00
Dmitry Kovalev
6bf69cbf39 some cosmetics and minor problems fixed, pointed out by Mei-Hui Su (c++-style comments, newlines etc.) 2001-09-07 13:04:11 +00:00
Kurt Zeilenga
ed9b7332fb Add <limits.h> 2001-09-07 02:08:32 +00:00
Kurt Zeilenga
1b42a20565 Remove extensible filter #ifdef 2001-09-04 18:45:05 +00:00
Kurt Zeilenga
3889e1d955 Add some EINTR logic to back-shell. Assumes fgets() handles
such errors in a particular manner.
2001-09-02 00:10:57 +00:00
Kurt Zeilenga
a2ba804e47 Add general extensible matching support and integerBitAndMatch
and integerBitOrMatch enhancement (ITS#1302 + minor changes)
from Luke Howard <lukeh@padl.com>.
2001-09-01 17:10:43 +00:00
Kurt Zeilenga
2c9a238571 Allow dn.base="" 2001-09-01 05:01:31 +00:00
Kurt Zeilenga
ef7b181f8b Open databases using WRCREAT not READER. 2001-09-01 05:00:27 +00:00
Kurt Zeilenga
a49392981a There is no TLSProtocol option. 2001-08-31 16:48:30 +00:00
Mark Adamson
fac77083cc Skip over the "dn:" prefix when passing a DN to dn_normalize(). 2001-08-29 23:01:24 +00:00
Kurt Zeilenga
2f761834b2 Fix NEW_LGGING typo 2001-08-29 19:49:05 +00:00
Kurt Zeilenga
9a80d76f44 Minor rework of *text = textbuf fix 2001-08-28 21:43:00 +00:00
Kurt Zeilenga
f10028ba06 Apply ACLs to front end objects (root DSE, subschema) consistently 2001-08-28 20:28:34 +00:00
Stig Venaas
70f7e55344 Changed get_listener_addresses() to not use getaddrinfo() for PF_LOCAL 2001-08-26 11:03:27 +00:00
Mark Adamson
7378872731 Need to set error text pointer sooner in entry_schema_check(), or Debug() will SEGV 2001-08-15 15:27:26 +00:00
Pierangelo Masarati
b637967b95 fix malformed test 2001-08-04 16:46:03 +00:00
Pierangelo Masarati
8ee6168916 fix a reference to volative memory in back-ldbm/passwd.c that caused garbage messages to be returned to ldappasswd 2001-08-04 15:46:08 +00:00
Pierangelo Masarati
1eb3f8b2e4 add limits stuff to back-ldap 2001-08-04 11:10:35 +00:00
Pierangelo Masarati
b5bb74bb02 cleanup limits stuff in back-meta 2001-08-04 11:10:08 +00:00
Pierangelo Masarati
6a5b253bc6 allow multiple limits setting on one global/per backend config line 2001-08-04 11:09:25 +00:00
Pierangelo Masarati
4919363fa0 more intuitive special limits configuration 2001-08-03 17:25:39 +00:00
Pierangelo Masarati
414783058d enforces detailed search limits 2001-08-03 17:15:14 +00:00
Dmitry Kovalev
2f4d324f60 A big bunch of improvements, contributed by Sam Drake and Raj Damani.
Summary of changes is cited below.
The patch still needs some cosmetic changes to be made, but is ready for testing.

-----Original Message-----
From: Sam Drake [mailto:drake@timesten.com]
Sent: Saturday, April 07, 2001 10:40 PM
To: 'mitya@seismic.ru'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Slapd frontend performance issues


FYI, here is a short description of the changes I made.  I'll package up the
changes asap, but it may take a couple of days.

The performance numbers quoted in this report were seen at my location with
a 100,000 object database ... the slower numbers I mentioned earlier were
reported by a customer with a 1,000,000 object database.

I also can't explain the very poor performance I saw with OpenLDAP and LDBM
with a 100,000 object database.

...Sam Drake / TimesTen Performance Software

----------

Work Performed

OpenLDAP 2.0.9, including back-sql, was built successfully on Solaris
8 using gcc.  The LDAP server itself, slapd, passed all tests bundled
with OpenLDAP.  OpenLDAP was built using Sleepycat LDBM release 3.1.17
as the "native" storage manager.

The experimental back-sql facility in slapd was also built
successfully.  It was built using Oracle release 8.1.7 and the Oracle
ODBC driver and ODBC Driver Manager from Merant.  Rudimentary testing
was performed with the data and examples provided with back-sql, and
back-sql was found to be functional.

Slapd and back-sql were then tested with TimesTen, using TimesTen
4.1.1.  Back-sql was not immediately functional with TimesTen due to a
number of SQL limitations in the TimesTen product.

Functional issues encountered were:

1. Back-sql issued SELECT statements including the construct,
   "UPPER(?)".  While TimesTen supports UPPER, it does not support the
   use of parameters as input to builtin functions.  Back-sql was
   modified to convert the parameter to upper case prior to giving it
   to the underlying database ... a change that is appropriate for all
   databases.

2. Back-sql issued SELECT statements using the SQL CONCAT function.
   TimesTen does not support this function.  Back-sql was modified to
   concatentate the necessary strings itself (in "C" code) prior to
   passing the parameters to SQL.  This change is also appropriate for
   all databases, not just TimesTen.

Once these two issues were resolved, back-sql could successfully
process LDAP searches using the sample data and examples provided with
back-sql.

While performance was not measured at this point, numerous serious
performance problems were observed with the back-sql code and the
generated SQL.  In particular:

1. In the process of implementing an LDAP search, back-sql will
   generate and execute a SQL query for all object classes stored in
   back-sql.  During the source of generating each SQL query, it is
   common for back-sql to determine that a particular object class can
   not possibly have any members satisfying the search.  For example,
   this can occur if the query searches an attribute of the LDAP
   object that does not exist in the SQL schema.  In this case,
   back-sql would generate and issue the SQL query anyway, including a
   clause such as "WHERE 1=0" in the generated SELECT.  The overhead
   of parsing, optimizing and executing the query is non-trivial, and
   the answer (the empty set) is known in advance. Solution: Back-sql
   was modified to stop executing a SQL query when it can be
   predetermined that the query will return no rows.

2. Searches in LDAP are fundamentally case-insensitive ("abc" is equal
   to "aBc").  However, in SQL this is not normally the case.
   Back-sql thus generated SQL SELECT statements including clauses of
   the form, "WHERE UPPER(attribute) = 'JOE'".  Even if an index is
   defined on the attribute in the relational database, the index can
   not be used to satisfy the query, as the index is case sensitive.
   The relational database then is forced to scan all rows in the
   table in order to satisfy the query ... an expensive and
   non-scalable proposition.  Solution: Back-sql was modified to allow
   the schema designer to add additional "upper cased" columns to the
   SQL schema.  These columns, if present, contain an upper cased
   version of the "standard" field, and will be used preferentially
   for searching.  Such columns can be provided for all searchable
   columns, some columns, or no columns.  An application using
   database "triggers" or similar mechanisms can automatically
   maintain these upper cased columns when the standard column is
   changed.

3. In order to implement the hierarchical nature of LDAP object
   hierarchies, OpenLDAP uses suffix searches in SQL.  For example, to
   find all objects in the subtree "o=TimesTen,c=us", a SQL SELECT
   statement of the form, "WHERE UPPER(dn) LIKE '%O=TIMESTEN,C=US'"
   would be employed.  Aside from the UPPER issue discussed above, a
   second performance problem in this query is the use of suffix
   search.  In TimesTen (and most relational databases), indexes can
   be used to optimize exact-match searches and prefix searches.
   However, suffix searches must be performed by scanning every row in
   the table ... an expensive and non-scalable proposition.  Solution:
   Back-sql was modified to optionally add a new "dn_ru" column to the
   ldap_entries table.  This additional column, if present, contains a
   byte-reversed and upper cased version of the DN.  This allows
   back-sql to generate indexable prefix searches.  This column is
   also easily maintained automatically through the use of triggers.

Results

A simple database schema was generated holding the LDAP objects and
attributes specified by our customer.  An application was written to
generate test databases.  Both TimesTen and Oracle 8.1.7 were
populated with 100,000 entry databases.

Load Times

Using "slapadd" followed by "slapindex", loading and indexing 100,000
entries in an LDBM database ran for 19 minutes 10 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
a disk based RDBMS took 17 minutes 53 seconds.

Using a C++ application that used ODBC, loading 100,000 entries into
TimesTen took 1 minute 40 seconds.

Search Times

The command, "timex timesearch.sh '(cn=fname210100*)'" was used to
test search times.  This command issues the same LDAP search 4000
times over a single LDAP connection.  Both the client and server
(slapd) were run on the same machine.

With TimesTen as the database, 4000 queries took 14.93 seconds, for a
rate of 267.9 per second.

With a disk based RDBMS as the database, 4000 queries took 77.79 seconds,
for a
rate of 51.42 per second.

With LDBM as the database, 1 query takes 76 seconds, or 0.076 per
second.  Something is clearly broken.
2001-08-02 17:28:59 +00:00
Kurt Zeilenga
b22ad8cf60 Add some addl. logging 2001-08-02 03:37:20 +00:00
Pierangelo Masarati
8471ef7ed0 add global, per backend and per op_ndn time/size soft, hard and to-be-checked limits (exploited by back-ldbm); see slapd.conf(5) for details 2001-08-01 10:09:04 +00:00
Pierangelo Masarati
419a5ae8c9 fix typo; try to delete dn2id in case of late failure 2001-07-31 10:54:39 +00:00
Pierangelo Masarati
d8cb33ebe8 added acl check for added/removed rdn attrs 2001-07-31 10:02:19 +00:00
Kurt Zeilenga
50223981d9 Fix typo 2001-07-31 07:53:21 +00:00
Kurt Zeilenga
b09727567d Clean up 2001-07-31 04:55:14 +00:00
Kurt Zeilenga
60c4893b93 Last changes should have been #ifdef 2001-07-31 04:30:11 +00:00
Kurt Zeilenga
0bcc892fdf Fix basic operations 2001-07-31 04:24:29 +00:00
Kurt Zeilenga
ca7ba1a3fd Fix slapadd crash when only a subset of databases have been initialized.
Likely should have a general solution to this.
2001-07-31 00:16:44 +00:00
Pierangelo Masarati
4362654eb6 fixes another assert in case of subtle error (schema failure while applying rdn changes) 2001-07-30 20:12:34 +00:00
Pierangelo Masarati
8edccd2554 fixes ITS#1261 (abort on modrdn with new dn already existing) 2001-07-30 14:54:02 +00:00
Pierangelo Masarati
6c81656a95 fixed some memory allocation nonsense 2001-07-29 17:21:28 +00:00
Pierangelo Masarati
c78416fdbd exploits regex-based per op_ndn time/size limits 2001-07-28 11:25:00 +00:00
Pierangelo Masarati
4051547dfa handle regex-based per op_ndn time/size limits 2001-07-28 11:24:22 +00:00
Kurt Zeilenga
279ef73485 Remove assert(0) 2001-07-28 01:06:06 +00:00
Stig Venaas
e3caeb2264 Removed duplicate code by replacing case-Exact/Ignore-Filter/Indexer and
case-Exact/Ignore-Substrings-Match/Filter/Indexer with common code for
the caseExact and caseIgnore cases
2001-07-27 22:54:43 +00:00
Stig Venaas
159fa1b26c Making the approx multistring code default. Leaving the old code for now,
but can really be removed.
2001-07-26 22:33:28 +00:00
Kurt Zeilenga
d4df1af590 Misc cleanup of asserts 2001-07-26 01:08:00 +00:00
Stig Venaas
92ec77f6dc Made approxMatch/Indexer/Filter all do Unicode cannonical normalization
followed by stripping of characters with 8th bit set. The normalization
is needed to make exact match imply approx match.
2001-07-25 21:22:55 +00:00
Kurt Zeilenga
e2b3914982 ITS#1274 fix 2001-07-24 19:54:04 +00:00
Kurt Zeilenga
d31da9dd01 Rework single-value check 2001-07-24 04:31:01 +00:00
Kurt Zeilenga
3e7e6bc6d5 Add an improved single value constraint check. 2001-07-24 03:25:17 +00:00
Pierangelo Masarati
589a5c7442 added extra check to suffix param of replica entry 2001-07-23 14:32:59 +00:00
Kurt Zeilenga
3a2f9e84ba Fix typo 2001-07-22 03:25:45 +00:00
Kurt Zeilenga
0cdf9e3124 fix up UTF8MATCH 2001-07-22 02:45:21 +00:00
Kurt Zeilenga
f310142d2c Use DN normalize 2001-07-22 00:32:58 +00:00
Stig Venaas
d326f96c32 We shouldn't need UTF8oncasecmp() and UTF8casechr() anymore, removing
them.
2001-07-22 00:31:04 +00:00
Kurt Zeilenga
7000f3e8cb Zap old DN code 2001-07-21 23:45:04 +00:00
Kurt Zeilenga
978e417699 Make some additional UTF8 public
Remove lint
2001-07-21 23:13:04 +00:00
Kurt Zeilenga
da2f6f6805 Zap !UTF8MATCH code 2001-07-21 23:02:06 +00:00
Kurt Zeilenga
5cb6b1ce02 Back out DN changes, needs more work 2001-07-21 22:44:55 +00:00
Kurt Zeilenga
9207e19978 unifdef -DMULTIATTRVAL_RDN 2001-07-21 21:21:32 +00:00
Pierangelo Masarati
ece9bdb0eb Added the suffix=<dn> parameter to replica config directive
to allow selective replication of subtrees of a single database.
Multiple occurrences allow the same replica to handle different
subtrees
2001-07-21 14:15:23 +00:00
Pierangelo Masarati
9ee9f1e0e1 Reworked again the caching in case of failure.
Now operations that set the status of an entry to CREATING (add.c, modrdn.c)
need to set it to COMMIT, by calling cache_entry_commit, before returning
the entry itself, otherwise the entry is removed from the cache
and its private data is freed.
Should fix crashes due to add failures as in ITS#1245
2001-07-21 10:53:06 +00:00
Pierangelo Masarati
aec4430d59 Reworked API of nextid; e_private gets destroyed separately from the entry in case add fails (should fix ITS#1245) 2001-07-20 09:50:28 +00:00
Stig Venaas
0e614ca0ec Made caseExactMatch() use Unicode normalization 2001-07-17 20:09:37 +00:00
Stig Venaas
6c362d77ac Made caseIgnoreSubstringsMatch and caseExactSubstringsMatch use proper
Unicode cannonical normalization
2001-07-17 19:35:23 +00:00
Randy Kunkee
82f3004a16 Prevent ldbm_sync from being called by ldbm_cache_close when the new
dbsync configuration is in use, which was preventing the performance
gains of this mode.
2001-07-16 23:21:36 +00:00
Stig Venaas
ea47735802 Fixed UTF8 encoding checks for substrings assertions 2001-07-16 22:48:52 +00:00
Randy Kunkee
f06021e335 Fix ITS#1239:
slapadd core-dumps when destroying db's env (Sleepycat 3.2.9) (ITS#1239)
Only call ldbm_shutdown_env if the database has been opened, ie. when
li->li_dbenv != NULL.  Would appear any time a shutdown occurred and
not all LDBM databases were opened.
2001-07-16 22:16:24 +00:00
Stig Venaas
9b0e583576 Fixed bug in caseExactSubstringsIndexer() and caseIgnoreSubstringsIndexer().
UTF8 normalization must be done before we compute number of keys since
string length might increase.
2001-07-15 21:28:07 +00:00
Kurt Zeilenga
40d68d8374 Extend assertion value syntax checks to some other cases. Needs to
be applied to substrings assertions as well.
2001-07-15 17:25:49 +00:00
Kurt Zeilenga
c46014e27e Fix typo in disallow logging 2001-07-15 17:25:00 +00:00
Stig Venaas
886a7575d0 Fixed segfault in caseIgnoreFilter when assertion value has bad UTF8 coding 2001-07-15 16:21:36 +00:00
Pierangelo Masarati
e864abf685 reworked slapd_mods_free into mimic to avoid extra obj linking into tools 2001-07-14 17:48:12 +00:00
Pierangelo Masarati
5fdba27288 This is the skeleton of back-monitor, the slapd monitoring backend.
The old monitoring stuff has been removed; the new backend is
enabled by using --enable-monitor at configure time and requires

	database monitor

in slapd.conf to be activated.  At present it implements a subset
of the old monitoring options, and it should be extendable to
a number of different subsystems.  The search operation has been
implementd; it does not honor abandon or size/time limits, though.
The compare and the abandon operations are planned.

Copyright Pierangelo Masarati <ando@sys-net.it>; the code is provided
AS IS with NO GUARANTEE.  It can be used and distributed under the
conditions stated by the OpenLDAP Public License.
2001-07-14 17:34:24 +00:00
Kurt Zeilenga
ca43453b95 Quick and dirty hack to add password modify replication. 2001-07-14 01:26:02 +00:00
Pierangelo Masarati
a453d7eacf dn_validate/dn_normalize has been rewritten by
David A. Cooper <david.cooper@nist.gov> (ITS#1232)
according to draft-ietf-ldapbis-dn-05.txt

A copyright statement follows:

  The functions normalize_unicode(), get_hexpair(), write_hex_pair(),
  get_next_byte(), get_next_char(), get_ber_length(),
  ber_parse_primitive_string(), ber_parse_string(), String_normalize(),
  DirectoryString_normalize(), PrintableString_normalize(),
  IA5String_normalize(), ber_parse_primitive_bitstring(),
  ber_parse_bitstring(), getNext8bits(), bitString_normalize(), match_oid(),
  match_key(), get_validated_av_in_dn(), get_validated_rdn_in_dn(),
  and get_validated_dn() in this file were developed at the National Institute
  of Standards and Technology by employees of the Federal Government in the
  course of their official duties. Pursuant to title 17 Section 105 of the
  United States Code the code in these functions is not subject to copyright
  protection and is in the public domain. The copyright for all other code in
  this file is as specified below.
2001-07-13 08:21:14 +00:00
Pierangelo Masarati
b0a60a5d3d added function cache_find_entry_ndn2id that avoids an unnecessary call to dn_normalize; now dn2id calls this function, while the original function has been left as a wrapper 2001-07-11 08:41:42 +00:00
Pierangelo Masarati
27e5c484e6 reworked rdn_attrs to use ldap_explode_rdn; maybe we should remove escapes "\" from parts directly in ldap_explode_rdn 2001-07-10 18:19:22 +00:00
Gary Williams
453e69d636 fix bad debug message 2001-07-10 16:42:26 +00:00
Pierangelo Masarati
005823e032 Forbid empty ("") dn! (followup 5 to ITS#1173) 2001-07-09 10:35:43 +00:00
Pierangelo Masarati
2baa2f0f24 If add to "" is allowed, also modrdn should 2001-07-07 15:40:25 +00:00
Pierangelo Masarati
04c29fb3ea dn2idl API changed for consistency with other dn2id* funcs 2001-07-07 14:49:42 +00:00
Pierangelo Masarati
a4dc886f02 moved some slap_mods_* functions into mods.c, so mods.o can be included
by slapd/tools/*; slap_mods_free is needed by ldbm_back_modrdn after
fixing ITS#1184 (at present -DMULTIATTRVAL_RDN is needed when compiling
back-ldbm/modrdn.c to trigger the compilation of new code).
2001-07-07 09:13:05 +00:00
Pierangelo Masarati
da9ea54700 fixed test on "" (empty) parent dn 2001-07-06 14:40:27 +00:00
Pierangelo Masarati
f4acf94c83 honors '+' rdn separator in adding/deleting attributes; needs -DMULTIATTRVAL_RDN. Please test 2001-07-06 12:24:34 +00:00
Pierangelo Masarati
bff5608926 protos and declarations for charray and rdn stuff 2001-07-06 12:23:22 +00:00
Pierangelo Masarati
38ce12a6f6 added rdn_attrs: parses a rdn and returns types and values in two arrays (honors '+' separator according to RFC 2253) 2001-07-06 12:22:01 +00:00
Pierangelo Masarati
016328a1da added misc charray utilities 2001-07-06 12:20:26 +00:00
Kurt Zeilenga
38e8fefe17 Fix root dse checks 2001-07-06 02:14:47 +00:00
Kurt Zeilenga
9d6852d584 Correct X.500 reference 2001-07-06 02:11:17 +00:00