New LDAP module in "master"

Alan DeKok aland at
Tue Nov 13 14:48:39 CET 2012

  I've re-written the LDAP module in "master".  The code is simpler,
cleaner, and easier to understand.

  It is largely compatible in function with the old module, with the
following differences:

- the eDirectory code has been removed.  I don't run eDir, and I can't
  test it.  Patches to re-add it are welcome

- the module uses the new connection pool API.  As a result, its
  configuration is more in line with the rest of the server

- the config items have been reorganized to make more sense.
  The names are similar, but they're grouped into sections

  I've tested it against a number of LDAP servers.  It seems to be
stable, and performs at 6K queries per second in sustained load.  The
old module was much less than that.

  The new connection pool also means that the module can re-use
connections in more situations.  Previously, the module would close and
then re-open connections many times.  Now, it does so much less often.

  The next steps are:

- add eDir support (if people need it)

- move "ldap.attrmap" to the module configuration.

  Alan DeKok.
