I am using the groupmembership_attribute to add users to certain groups,
unfortunately rlm_ldap will always also run a subtree search using the
groupmembership_filter, which for my case is completely useless. From what I
see in the code, there seems to be no way to switch this search off. Would it
not be a good idea to allow the user to set this filter (or perhaps the
groupname_attribute) to something like NONE that would tell rlm_ldap not
to bother? Saving one unnecessary search over possibly a large tree could
be worth the bother. To make things easier I have set up the
groupmembership_filter to (objecClass = nosuchclass), this way with
indexing over the object class the negative reply to this search should be
quick enough, but still I would prefer to simply save this extra call.
Perhaps there is some way that I have overlooked?
Yours
Tomasz
--
Tomasz Wolniewicz
[EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
