Version 4 rlm_cache and LDAP cacheable_name
Brian Julin
BJulin at clarku.edu
Thu May 21 21:08:22 UTC 2026
TLDR: should I be using a different update block in the following for version 4?
cache ad-my-ldap-group-cache {
driver = "rbtree"
key = "%{User-Name}"
ttl = 5
add_stats = "no"
cacheable_name = "yes"
update {
control.ad-my-ldap-LDAP-Group := control.ad-my-ldap-LDAP-Group
}
}
... I ask because it seems that when loading the cache again, it copies the *same* value into multiple elements in the restored attribute, giving me [n] copies of whatever value ended up first in this list. So either something is broken or this is a subtle behavior of := in list assignments conflicting with the special currying of the rhs in this module and I need an alternate operator.
(a few values munged to protect internal identfiers)
(6.0) ad-my-ldap-group-cache - Found entry for "my.user.name"
(6.0) ad-my-ldap-group-cache - Merging cache entry into request
(6.0) ad-my-ldap-group-cache - control.ad-my-ldap-LDAP-Group := 'Group1'
(6.0) ad-my-ldap-group-cache - control.ad-my-ldap-LDAP-Group := 'Group2'
(6.0) ad-my-ldap-group-cache.load (updated)
(6.0) if (!control.ad-my-ldap-LDAP-Group) {
(6.0) | !
(6.0) | control.ad-my-ldap-LDAP-Group
(6.0) | %exists()
(6.0) | --> true
(6.0) | %unary_not({true})
(6.0) | --> false
(6.0) ...
(6.0) }
(6.0) if ("%{control.ad-my-ldap-LDAP-Group[0]}/%{control.ad-my-ldap-LDAP-Group[1]}/%{control.ad-my-ldap-LDAP-Group[2]}/%{control.ad-my-ldap-LDAP-Group[n]}" == "foo") {
(6.0) | control.ad-my-ldap-LDAP-Group[0]
(6.0) | control.ad-my-ldap-LDAP-Group[0]
(6.0) | --> Group2
(6.0) | control.ad-my-ldap-LDAP-Group[1]
(6.0) | --> Group2
(6.0) | control.ad-my-ldap-LDAP-Group[2]
(6.0) (null)
(6.0) | control.ad-my-ldap-LDAP-Group[n]
(6.0) | --> Group2
(6.0) | ({ngt_top/ngt_top//ngt_top} == {foo})
(6.0) | --> false
(6.0) ...
(6.0) }
More information about the Freeradius-Users
mailing list