Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:2.1:performances [2020/04/16 15:07]
maxbes [Macros and groups] document new inGroup macro
documentation:2.1:performances [2020/05/10 11:43]
maxbes [LDAP performances]
Line 197: Line 197:
 <note tip>To avoid storing the full group DNs in session data, you can use a macro to rewrite ''​memberOf'':​ <note tip>To avoid storing the full group DNs in session data, you can use a macro to rewrite ''​memberOf'':​
  
-  * In *Exported variables*, export the ''​memberof''​ LDAP attribute as a ''​ldapGroups''​ session variable +  * In *Exported variables*, export the ''​memberOf''​ LDAP attribute as a ''​ldapGroups''​ session variable 
-    * key: ''​memberof''​ +    * key: ''​ldapGroups''​ 
-    * value: ''​ldapGroups''​+    * value: ''​memberOf''​
  
   * Next, add a ''​ldapGroups''​ macro that will overwrite the exported attribute   * Next, add a ''​ldapGroups''​ macro that will overwrite the exported attribute
Line 210: Line 210:
 ''​ldapGroups''​ should now contain something like ''​admin;​ su''​ just like it would if you had used the regular, slower group resolution mechanism. ''​ldapGroups''​ should now contain something like ''​admin;​ su''​ just like it would if you had used the regular, slower group resolution mechanism.
  
 +You can use [[extendedfunctions#​listmatch|listMatch($ldapGroups,​ "​some_group"​)]] in your access rules.
 </​note>​ </​note>​