On Tue, 30 Nov 2004, Tomasz Wolniewicz wrote:

I am using the groupmembership_attribute to add users to certain groups;
unfortunately rlm_ldap will always also run a subtree search using the
groupmembership_filter, which for my case is completely useless. From what I
see in the code, there seems to be no way to switch this search off. Would it
not be a good idea to allow the user to set this filter (or perhaps the
groupname_attribute) to something like NONE that would tell rlm_ldap not
to bother? Saving one unnecessary search over possibly a large tree could
be worth the bother. To make things easier I have set up the
groupmembership_filter to (objecClass = nosuchclass), this way with
indexing over the object class the negative reply to this search should be
quick enough, but still I would prefer to simply save this extra call.

Perhaps there is some way that I have overlooked?

You're right on that. The code should first do a search based on the groupmembership_attribute (if it is set) and if that fails then use groupmembership_filter. Can you also open a bug report on bugs.freeradius.org for that please?


I'll try and make the changes (they're rather trivial) as soon as possible.


Yours Tomasz

--
Tomasz Wolniewicz
      [EMAIL PROTECTED]        http://www.uni.torun.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
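
The lookup order proposed in the reply, modelled in Python as an added example (not rlm_ldap code and not part of the original thread). The directory contents, the `exampleGroup` attribute name and the `use_filter` switch are constructed for illustration; `use_filter=False` stands in for the requested "NONE" setting.

```python
# Added illustration; a dict stands in for the LDAP tree (constructed data).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {"exampleGroup": ["staff"]},
    "uid=bob,ou=people,dc=example,dc=org": {},
    "cn=vpn,ou=groups,dc=example,dc=org": {
        "cn": ["vpn"],
        "member": ["uid=bob,ou=people,dc=example,dc=org"],
    },
}


def subtree_group_search(user_dn, group):
    """Stand-in for the groupmembership_filter search: visits every entry."""
    for attrs in DIRECTORY.values():
        if group in attrs.get("cn", []) and user_dn in attrs.get("member", []):
            return True
    return False


def check_group(user_dn, group, membership_attr=None, use_filter=True):
    """Return (is_member, subtree_searches).

    Order proposed in the reply: read membership_attr from the user's own
    entry first; run the subtree search only if that fails. use_filter=False
    models the requested "NONE" switch (hypothetical, not an rlm_ldap option).
    """
    searches = 0
    if membership_attr is not None:
        if group in DIRECTORY.get(user_dn, {}).get(membership_attr, []):
            return True, searches  # matched on the user entry, no tree walk
    if use_filter:
        searches += 1
        if subtree_group_search(user_dn, group):
            return True, searches
    return False, searches


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=org"
    bob = "uid=bob,ou=people,dc=example,dc=org"
    print(check_group(alice, "staff", "exampleGroup"))
    print(check_group(bob, "vpn", "exampleGroup"))
    print(check_group(bob, "staff", "exampleGroup", use_filter=False))
```

With the filter disabled, a user whose entry lacks the attribute value is simply not a member; there is no fallback path that could grant the group.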

