ldap cache
Alexander Clouter
alex at digriz.org.uk
Thu Jan 13 00:00:28 CET 2011
Frank Cusack <frank+radius at linetwo.net> wrote:
>
> http://freeradius.org/radiusd/doc/tuning_guide
>
> (also in the distro)
>
> LDAP MODULE
> o Enable caching in the ldap module ...
>
> I can find no such feature, does this actually exist in the ldap module
> or is there another way to cache ldap results? Did it used to exist?
>
I put a rlm_perl script together that can do this:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65781.html
http://stuff.digriz.org.uk/cache_ldap-userdn.pm
> Ideally I'd like to be able to consult ldap but after a configured
> timeout simply use a cached result. Obviously I could do this with
> a script but why not have it all built-in.
>

The script I wrote was to speed up our EAP authentications and save
pointlessly re-querying our LDAP servers. It should be straightforward
enough to adapt to your needs.

The problem with caching internally in FreeRADIUS is when do you cache,
what do you cache, where do you repopulate the attributes with what is
in the cache, what do you do with collisions (replace, append?), what
are the conditions to extract data from the cache, etc.

This is all site-specific logic unfortunately and I would imagine quite
awkward to generalise without making the whole caching infrastructure
too complicated to use. Easier to find a local perl coder and get them
to add caching logic for you :)

Cheers
--
Alexander Clouter
.sigmonster says: "Open the pod bay doors, HAL."
-- Dave Bowman, 2001
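
The questions raised in the message above (when to cache, what to cache, how long, replace or append on collision) are shown here as a stand-alone Perl sketch. This is an added example, not the script linked in the message and not FreeRADIUS code; `ldap_lookup`, the 300-second TTL, the attribute names and the sample directory entry are all assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: TTL cache in front of a directory lookup (names are hypothetical).
use strict;
use warnings;

my $TTL = 300;   # seconds a cached entry stays valid (assumed value)
my %cache;       # username => { expires => epoch, attrs => { ... } }

# Hypothetical stand-in for the real LDAP query; constructed sample data.
my %directory = ( alice => { 'User-DN' => 'uid=alice,ou=people,dc=example,dc=org',
                             'Group'   => ['staff'] } );
my $queries = 0;
sub ldap_lookup { my ($user) = @_; $queries++; return $directory{$user}; }

# When/what to cache: only successful lookups, keyed by lower-cased username.
# Failed lookups are never cached, so a newly created user is seen at once;
# a removed user stays cached for at most $TTL seconds.
sub cached_lookup {
    my ($user, $now) = @_;
    my $key = lc $user;
    my $hit = $cache{$key};
    return $hit->{attrs} if $hit && $hit->{expires} > $now;   # fresh hit
    delete $cache{$key};                                      # expired or absent
    my $attrs = ldap_lookup($key) or return;
    $cache{$key} = { expires => $now + $TTL, attrs => $attrs };
    return $attrs;
}

# Collisions: 'replace' overwrites what the target holds, 'append' keeps both.
sub merge_attrs {
    my ($target, $attrs, $policy) = @_;
    for my $name (keys %$attrs) {
        my @new = ref($attrs->{$name}) ? @{ $attrs->{$name} } : ($attrs->{$name});
        if ($policy eq 'append' && exists $target->{$name}) {
            my @old = ref($target->{$name}) ? @{ $target->{$name} } : ($target->{$name});
            $target->{$name} = [ @old, @new ];
        } else {
            $target->{$name} = @new == 1 ? $new[0] : [@new];
        }
    }
    return $target;
}

my %reply = ( 'Group' => 'guests' );   # value already present before the merge
my $t0    = 1_000_000;                 # constructed timestamp
my $attrs = cached_lookup('Alice', $t0);
merge_attrs(\%reply, $attrs, 'append') if $attrs;
cached_lookup('alice', $t0 + 60);        # inside the TTL: no directory query
cached_lookup('alice', $t0 + $TTL + 1);  # past the TTL: queries the directory again
printf "queries=%d groups=%s\n", $queries, join(',', @{ $reply{Group} });
```

The TTL is the upper bound on how long a change in the directory, such as a disabled account, can go unnoticed by the cache, so it should be chosen with the site's revocation requirements in mind.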