ldap cache

Alexander Clouter alex at digriz.org.uk
Thu Jan 13 00:00:28 CET 2011

Frank Cusack <frank+radius at linetwo.net> wrote:
> http://freeradius.org/radiusd/doc/tuning_guide
> (also in the distro)
> o Enable caching in the ldap module ...
> I can find no such feature, does this actually exist in the ldap module
> or is there another way to cache ldap results?  Did it used to exist?
I put a rlm_perl script together that can do this:



> Ideally I'd like to be able to consult ldap but after a configured
> timeout simply use a cached result.  Obviously I could do this with
> a script but why not have it all built-in.
The script I wrote was to speed up our EAP authentications and save 
pointlessly re-querying our LDAP servers.  It should be straight forward 
enough to adapt to your needs.

The problem with caching internally in FreeRADIUS is when do you cache, 
what do you cache, where do you repopulate the attributes with what is 
in the cache, what do you do with collisions (replace, append?), what 
are the conditions to extract data from the cache, etc etc

This is all site-specific logic unfortunately and I would imagine quite 
awkward to generalise without making the whole caching infrastructure 
too complicated to use.  Easier to find a local perl coder and get them 
to add caching logic for you :)


Alexander Clouter
.sigmonster says: "Open the pod bay doors, HAL."
                  		-- Dave Bowman, 2001

More information about the Freeradius-Users mailing list