When an internal entry is created in id2entry all attributes are scanned in attrcrypt_decrypt_entry() and checked if they need to be decrypted. This involves one or two traversals of the ainfo tree for each attribute even if not a single attribute is encrypted. If no attrs are encrypted this can easily be detected in the variable inst->attrcrypt_configured. If there are attrs encrypted it might be speed up the lookup if they would be hold in a seperate ainfo tree
Bug description: When an internal entry is created in id2entry, all attributes are scanned in attrcrypt_decrypt_entry() and checked if they need to be decrypted regardless of SSL configured on the server or not.
Fix description: In attrcrypt_encrypt_ and attrcrypt_decrypt_ functions, this patch checks the attrcrypt_configured flag. It goes scanning the attribute list only when the encrypt_ configured flag is set to true.
git patch file (master) 0001-Ticket-533-only-scan-for-attributes-to-decrypt-if-th.patch
Reviewed by Mark (Thank you!!)
Pushed to master: commit f034f2b
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/533
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.