On Tue, 30 Nov 2004, LALOT Dominique wrote:
I noticed too, there is no scope in the ldap configuration. It's time consuming for nothing.
I know what the DN is and found no way to avoid the search uid=xxx
That has nothing to do with ldap group searches. If Ldap-User-DN is set then we avoid the search for the username (apart from the first one in the authorize section of course). Even that one *could* be avoided (code changes are needed) if you set the Ldap-User-DN before calling the ldap module. Although that won't really give you any noticeable performance boost.
There are some little improvements to do, I think.
Tomasz Wolniewicz wrote:
I am using the groupmembership_attribute to add users to certain groups,
unfortunately rlm_ldap will always also run a subtree search using the
groupmembership_filter, which for my case is completely useless. From what I
see in the code, there seems to be no way to switch this search off. Would it
not be a good idea to allow the user to set this filter (or perhaps the
groupname_attribute) to something like NONE that would tell rlm_ldap not
to bother? Saving one unnecessary search over possibly a large tree could
be worth the bother. To make things easier I have set up the
groupmembership_filter to (objecClass = nosuchclass), this way with
indexing over the object class the negative reply to this search should be
quick enough, but still I would prefer to simply save this extra call.
Perhaps there is some way that I have overlooked?
Yours Tomasz
-- Dominique LALOT Ingénieur Système Réseau CISCAM Pole Réseau Université de la Méditerranée http://annuaire.univ-mrs.fr/showuser.php?uid=lalot
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf