httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52464] New: mod_authnz_ldap does expensive sub-group processing prematurely
Date Fri, 13 Jan 2012 16:31:23 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52464

             Bug #: 52464
           Summary: mod_authnz_ldap does expensive sub-group processing
                    prematurely
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authnz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: covener@gmail.com
    Classification: Unclassified


When a group has lots of non-subgroup users in it, the default
AuthLDAPSubGroupAttribute will not screen out these users and mod_ldap will do
an ldap_compare to check if each user is of class AuthLDAPSubGroupClass to
determine if it's a subgroup.

This causes a large flat group to generate many compares / take a long time if
we check them for subgroups.


Meanwhile. AuthLDAPGroupAttribute makes us iterate through different
attributes, but we don't check all the attributes for a flat-group match before
trying subgroups.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message