[Date Prev][Date Next] [Chronological] [Thread] [Top]

PATCH: cache_groupacl {on|off}



This patch is applicable to OpenLDAP 2.1.22, but it MAY be applicable to
the current snapshots.

It allows turning on/off the caching of Group ACL evaluations, to force
group ACL evaluation every time.  In my particular setup, the side
effect from the caching that the ACL would be "frozen" at its initial
evaluation and never refreshed posed a problem.

The performance hit was acceptable, in exchange for the added security
consistency.  YMMV, and use only when 100% necessary according to your
particular setups.

So I came up with this config option to allow startup-time selection of
behavior.  The default is "on" , to match the same behavior as if the
patch were not present.

Best

-- 
===========================================================
* Diego Rivera                                            *
*                                                         *
* "The Disease: Windows, the cure: Linux"                 *
*                                                         *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
* Replace: <AT>='@', <DOT>='.'                            *
*                                                         *
* GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
* GPG Public Key avaliable at: http://pgp.mit.edu         *
===========================================================

Attachment: openldap-2.1.22-enable_cache_groupacl.patch.bz2
Description: application/bzip

Attachment: signature.asc
Description: This is a digitally signed message part