On Wed, Apr 21, 2010 at 12:49 PM, Thomas, Peter <ptho...@hpti.com> wrote: > When the user's certificate subject is also the DN of the LDAP object, > one can optimize search and compare operations by doing a > LDAP_SCOPE_BASE search for the object based on the subject DN. I was > able to substitute a search for the exact LDAP object in the > authentication code. For authorization, I ran into a problem. The LDAP > search cache entries for a URL are unique by filter expression. If ANY > user was cached for a specific ldap-filter, the search cache has no way > of knowing that I'm applying that search to a different search base. I > could create a separate cache for every user encountered [i.e. by > changing the base component of the LDAP URL before calling any > uldap_cache_* function]. That seems painful. Thoughts? >
How important is this optimization to either Apache or the LDAP server? -- Eric Covener cove...@gmail.com