LDAP group query optimisation

Brian Candler b.candler at pobox.com
Thu Oct 13 17:31:44 CEST 2016


On 13/10/2016 16:07, Arran Cudbard-Bell wrote:
> Actually RTFMing reveals:
>
> 		#  If cacheable_name or cacheable_dn are enabled,
> 		#  all group information for the user will be
> 		#  retrieved from the directory and written to LDAP-Group
> 		#  attributes appropriate for the instance of rlm_ldap.
>
> I added a note about it not just being for rlm_cache.

Great. That text didn't mean anything without the knowledge that 
control:LDAP-Group is not a "real" attribute, unless you turn on those 
cacheable_xxxx attributes.

Instead, it is a magical pseudo attribute which triggers 
behind-the-scenes queries when you match on it.

Now grepping for paircompare_register in the code, it looks like there 
are some other attributes which might have similar magical powers.
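
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the behaviour described above, comparing a pseudo-attribute whose match triggers a directory query with group values fetched once and stored as real attributes. FakeLDAP, register_compare, match, evaluate and the sample directory are hypothetical names and constructed data.

```python
# Simplified model, NOT FreeRADIUS source. All names here are hypothetical.
DIRECTORY = {"alice": {"staff", "vpn-users", "admins"}}  # constructed sample data

class FakeLDAP:
    """Stands in for the directory and counts round trips."""
    def __init__(self, directory):
        self.directory, self.queries = directory, 0

    def is_member(self, user, group):      # one search per membership test
        self.queries += 1
        return group in self.directory.get(user, set())

    def all_groups(self, user):            # one search returning every group
        self.queries += 1
        return sorted(self.directory.get(user, set()))

COMPARATORS = {}                           # attribute name -> compare callback

def register_compare(attr, callback):
    """Loosely models registering a comparison callback for an attribute."""
    COMPARATORS[attr] = callback

def match(request, attr, value):
    """Evaluate `attr == value` the way a policy condition would."""
    if attr in request["control"]:         # real, stored attribute values
        return value in request["control"][attr]
    callback = COMPARATORS.get(attr)       # pseudo-attribute: ask the callback
    return callback(request, value) if callback else False

def evaluate(user, groups_to_check, cacheable):
    """Return (match results, number of directory queries)."""
    ldap = FakeLDAP(DIRECTORY)
    request = {"user": user, "control": {}}
    register_compare("LDAP-Group",
                     lambda req, grp: ldap.is_member(req["user"], grp))
    if cacheable:                          # models cacheable_name / cacheable_dn
        request["control"]["LDAP-Group"] = ldap.all_groups(user)
    results = [match(request, "LDAP-Group", g) for g in groups_to_check]
    return results, ldap.queries

if __name__ == "__main__":
    checks = ["admins", "vpn-users", "staff", "contractors"]
    print("dynamic:", evaluate("alice", checks, cacheable=False))
    print("cached: ", evaluate("alice", checks, cacheable=True))
```

In this model the cached mode always costs one query, even when the policy never tests a group, while the dynamic mode costs one query per comparison.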


