httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52464] New: mod_authnz_ldap does expensive sub-group processing prematurely
Date Fri, 13 Jan 2012 16:31:23 GMT

             Bug #: 52464
           Summary: mod_authnz_ldap does expensive sub-group processing
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authnz_ldap
    Classification: Unclassified

When a group has lots of non-subgroup users in it, the default
AuthLDAPSubGroupAttribute will not screen out these users and mod_ldap will do
an ldap_compare to check if each user is of class AuthLDAPSubGroupClass to
determine if it's a subgroup.

This causes a large flat group to generate many compares / take a long time if
we check them for subgroups.

Meanwhile. AuthLDAPGroupAttribute makes us iterate through different
attributes, but we don't check all the attributes for a flat-group match before
trying subgroups.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message