httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1525588 - in /httpd/httpd/trunk/docs/manual/mod: mod_authnz_ldap.html.en mod_authnz_ldap.xml
Date Mon, 23 Sep 2013 13:42:07 GMT
Author: covener
Date: Mon Sep 23 13:42:06 2013
New Revision: 1525588

URL: http://svn.apache.org/r1525588
Log:
add a note about sub-group searching and large groups.


Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en?rev=1525588&r1=1525587&r2=1525588&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en Mon Sep 23 13:42:06 2013
@@ -1132,6 +1132,15 @@ evaluated before the user search is disc
    <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
    section for a more detailed example.</p>
 
+   <div class="note"><h3>Nested groups performance</h3>
+   <p> When <code class="directive">AuthLDAPSubGroupAttribute</code> overlaps
with
+   <code class="directive">AuthLDAPGroupAttribute</code> (as it does by default
and
+   as required by common LDAP schemas), uncached searching for subgroups in 
+   large groups can be very slow. If you use large, non-nested groups, set 
+   <code class="directive">AuthLDAPMaxSubGroupDepth</code> to zero.</p>
+   </div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a>
<a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml?rev=1525588&r1=1525587&r2=1525588&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml Mon Sep 23 13:42:06 2013
@@ -1089,6 +1089,15 @@ evaluated before the user search is disc
    level <code>X</code> specified by this directive.</p>
    <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
    section for a more detailed example.</p>
+
+   <note><title>Nested groups performance</title>
+   <p> When <directive>AuthLDAPSubGroupAttribute</directive> overlaps with
+   <directive>AuthLDAPGroupAttribute</directive> (as it does by default and
+   as required by common LDAP schemas), uncached searching for subgroups in 
+   large groups can be very slow. If you use large, non-nested groups, set 
+   <directive>AuthLDAPMaxSubGroupDepth</directive> to zero.</p>
+   </note>
+
 </usage>
 </directivesynopsis>
 



Mime
View raw message