Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:2.1:performances [2020/03/02 17:36]
maxbes
documentation:2.1:performances [2020/03/02 17:45] (current)
maxbes [LDAP performances]
Line 212: Line 212:
 <note important>​Don'​t forget to create an index on the field used to find users (uid by default)</​note>​ <note important>​Don'​t forget to create an index on the field used to find users (uid by default)</​note>​
  
-<note tip>To avoid having ​group dn stored ​in sessions datas, you can use a macro to rewrite memberOf: +<note tip>To avoid storing the full group DNs in session data, you can use a macro to rewrite ​''​memberOf''​:
-  * Exported variables +
-<​code>​ +
-ldapgroups -> memberOf +
-</​code>​ +
-For now, ldapgroups contains "​cn=admin,​dmdName=groups,​dc=example,​dc=com cn=su,​dmdName=groups,​dc=example,​dc=com"​+
  
-  * A little ​macro: +  * In *Exported variables*, export the ''​memberof''​ LDAP attribute as a ''​ldapGroups''​ session variable 
-<code perl> +    * key: ''​memberof''​ 
-ldapgroups -> join(" ",($ldapgroups ​=~ /​cn=(.*?​),/​g))+    * value: ''​ldapGroups''​ 
 + 
 +  * Next, add a ''​ldapGroups'' ​macro that will overwrite the exported attribute 
 +    * key: ''​ldapGroups''​ 
 +    * value:  
 +<code="perl"
 +join("",($ldapGroups ​=~ /​cn=(.*?​),/​g))
 </​code>​ </​code>​
-Now ldapgroups contains "admin su"+ 
 +''​ldapGroups''​ should now contain something like ''​adminsu''​ just like it would if you had used the regular, slower group resolution mechanism. 
 </​note>​ </​note>​