[Auth_ldap] Re: recursive groups in auth_ldap
dave at rudedog.org
Wed Nov 22 16:26:34 PST 2000
"Brandon Macdonald" <brandon at mercatorsystems.com> writes:
> Is there a way to include one group in another so that I don't have to
> reenter all the names?
Not with auth_ldap 1.4.x, and not with 1.5.x for now. I have had
requests for recursive group lookups before, but haven't quite figured
out how to handle it and still preserve performance. Right now,
auth_ldap does a single ldap_compare operation, which is fast and
requires very little network traffic.
To do recursive group lookups would require the same compare operation,
plus a fetch of the group entry, then a fetch of each attritube of the
group, and a fetch of those entries in turn, and that's just for a
single level of recursion.
This is actually something that would be much better done as a server
extension, but I'm not aware of any work in that area.
Dave Carrigan (dave at rudedog.org) | Yow! If this is the DATING GAME
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | I want to know your FAVORITE
Seattle, WA, USA | PLANET! Do I get th' MICROWAVE
http://www.rudedog.org/ | MOPED?
More information about the Auth_ldap