I am using the groupmembership_attribute to add users to certain groups, unfortunately rlm_ldap will always also run a subtree search using the groupmembership_filter, which for my case is completely useless. From what I see in the code, there seems to be no way to switch this search off. Would it not be a good idea to allow the user to set this filter (or perhaps the groupname_attribute) to something like NONE that would tell rlm_ldap not to bother? Saving one unnecessary search over possibly a large tree could be worth the bother. To make things easier I have set up the groupmembership_filter to (objecClass = nosuchclass), this way with indexing over the object class the negative reply to this search should be quick enough, but still I would prefer to simply save this extra call.
Perhaps there is some way that I have overlooked? Yours Tomasz -- Tomasz Wolniewicz [EMAIL PROTECTED] http://www.uni.torun.pl/~twoln Uczelniane Centrum Informatyczne Information&Communication Technology Centre Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University, pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html