instead of just the id2entry db. It helps. I also found that tweaking the
environment (set_lg_bsize 2MB; set_cachesize 2MB) helps but those can be
taken care of in a DB_CONFIG file. Tweaked the bdb_bt_compare function; it
really only needs to be set on little-endian machines. (On big-endian machines
a lexical sort gives the same result as an integer sort.) Moved the final
checkpoint back to the dbenv_close, I think this leaves a cleaner log file.
overflow/fragmentation. (This is now 16K vs default 4K.) It turns out
that the entries' on-disk format is quite space-inefficient, storing
4 bytes per pointer or integer when typically >50% of those bytes are
zero. Oh well. It's about a 2:1 space increase over ldbm now, vs 4:1
before when all the entries were overflowing the 4K pages.
now take only two arguments instead of 3, overwriting the result onto the
first argument. (glibc2.0.7 defaults to a 2MB stack per thread; 3 IDLs at
1.5MB plus various other runtime overhead is enough to trash the stack.)
Also pass in a tmp IDL from search_candidates instead of allocating it in
each candiate function.
compile cleanly when BDB_FILTER_INDICES is defined, but I have not
yet seen whether any of it actually works. In particular, I don't
understand the "range" argument to the candidate functions...
Includes rewriting of URLs where the DN of the referral object
and the DN of the ref attribute attribute are not the same.
Also, always returns explicit DN and scope.
Currently, back-ldbm only. Needs to be ported to back-bdb.
Developed by Steve Omrani/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
Use presence indices in support of >= and <=.
(Note presence indices could be used to support = and substr in
like fashion where eq and substr indices are not maintained, but
I'll save that for another day.)
Developed by Julius Enarusai/IBM
Copyright IBM Corp. 2001
Use of this source code is subject to the terms of The OpenLDAP
Public License Version 2.7, 7 September 2001. No trademarks of the
IBM Corporation are to be used to identify, endorse or promote any
products derived from this code without the prior written consent
of IBM.
in a check. This way you have to say:
index userCertificate eq
If we remove it, we could say:
index userCertificate;binary eq
I have not tried the latter.
you can search efficiently the directory for a certificate.
Notice that we index certificates just as serial integers. A full
index should combine the issuer DN too, but I think in most scenarios
that would be extremely redundant and of little benefit. We can add
an option later to do full indexing.
Apparently, we refuse to index ;binary attributes. That is mostly
bogus. Whether it is indexable or not depends on whether we know how
to or not, nothing more. I.e., the existance of indexer and filter
functions for the matching rules that are relevant to the attribute
type.
values as stored in the entry on the one hand and an assertion value
that is not necessarily of the same syntax. So tell value_match this
is the case by setting SLAP_MR_VALUE_IS_IN_MR_SYNTAX in flags.
if needed. This is controlled by SLAP_MR_VALUE_IS_IN_MR_SYNTAX,
a new flag that should be set when evaluating filters such as in
searches and compares and unset otherwise (such as in modify).
Now, some callers of value_match, notably value_find, don't know
whether to set it or not. We'll see to that.
Changed AttributeDescription.{ad_cname,ad_lang} to struct berval everywhere
Deleted ad_free() everywhere
Added ad_mutex to init.c
The AttributeDescriptions are in a linked list hanging off of the
corresponding AttributeType.
error reporting to client and syslog. And indexing, of course.
Now, the problem is that matching rules get called from different
places that are inconsistent in what an assertedValue is. When doing
a modify, a full certificate value is passed (to verify it isn't
already there). When doing a search or compare, the passed value is
in the syntax of the matching rule.
Consistency would require that the caller extracts an asserted value
from the full value before calling smr_match. It can do this by
calling smr_convert (it was unused, was it meant to be used for
this?).
Unfortunately, the caller is typically value_find, value_match, etc.
that have themselves little knowledge of what they are dealing with,
so their interface needs to be extended, new flag values or new
arguments, so that they know if they have a value in attribute type
syntax or in matching rule syntax.
