Re: [PATCH] Nested groups
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [PATCH] Nested groups
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: [PATCH] Nested groups
- Date: Mon, 25 Mar 2013 20:57:36 +0100
On Mon, 2013-03-25 at 08:45 +0100, Marcus Moeller wrote:
> > For the forward lookups this shouldn't result in extra searches if
> > no nested groups are used but it will slow down the reverse search
> > because for each group found an extra search is performed. For this
> > reason a nss_nested_groups configuration option was added which can
> > be used to enable this new functionality (default is false).
>
> I have not taken a look at the code yet, but we need to make sure that
> this feature can either been disabled and/or the nested group depth can
> be specified.
>
> We got a large number of nested groups here with reverse nesting, which
> might lead to extreme long lookup times, otherwise.
The functionality will be disabled by default and can be enabled with
nss_nested_groups as specified above.
My first approach was a nss_group_depth option to limit the depth but
after switching to the queue-based logic that became harder to
implement. Patches for a depth limit are welcome.
In any case the current code should avoid all kinds of group loops.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
- Re: [PATCH] Nested groups, (continued)
