On 05/23/2013 07:43 PM, Franks Andy (RLZ) IT Systems Engineer wrote:
Seems a bit excessive to do it each request. I know it’s not something likely to changegidoften but would like to not have to update itat all should it change. We have an “over zealous” AD administrator..
But primary group is per-user, so you have to look it up per-request. You do for other groups too; aside from Microsofts irritating schema decision, this is no different.
You could probably play with rlm_cache to cache either the lookup, or better yet the higher-level "decision" result, keyed by username.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
