LDAP group query optimisation
b.candler at pobox.com
Thu Oct 13 17:31:44 CEST 2016
On 13/10/2016 16:07, Arran Cudbard-Bell wrote:
> Actually RTFMing reveals:
> # If cacheable_name or cacheable_dn are enabled,
> # all group information for the user will be
> # retrieved from the directory and written to LDAP-Group
> # attributes appropriate for the instance of rlm_ldap.
> I added a note about it not just being for rlm_cache.
Great. That text did mean anything without the knowledge that
control:LDAP-Group is not a "real" attribute, unless you turn on those
Instead, it is a magical pseudo attribute which triggers
behind-the-scenes queries when you match on it.
Now grepping for paircompare_register in the code, it looks like there
are some other attributes which might have similar magical powers.
More information about the Freeradius-Users