Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:performances [2019/12/23 21:53]
cmaudoux [Disable unused modules]
documentation:latest:performances [2020/03/02 17:44] (current)
maxbes [LDAP performances]
Line 46: Line 46:
   * macros are used to extend (or rewrite) [[exportedvars|exported variables]]. A macro is stored as attributes: it can contain boolean results or any string   * macros are used to extend (or rewrite) [[exportedvars|exported variables]]. A macro is stored as attributes: it can contain boolean results or any string
   * macros can also be used to import environment variables //(these variables are in CGI format)//. Example: ''​$ENV{HTTP_COOKIE}''​   * macros can also be used to import environment variables //(these variables are in CGI format)//. Example: ''​$ENV{HTTP_COOKIE}''​
-  * groups are stored as space-separated ​strings ​in the special attribute ​"groups": it contains the names of groups whose rules were returned true for the current user+  * groups are stored as a string with values ​separated ​by '';​ ''​ (default values separator) ​in the special attribute ​''​groups''​: it contains the names of groups whose rules were returned true for the current user. For example: 
 +<code perl> 
 +$groups = group3; admin 
 +</​code>​
   * You can also get groups in ''​$hGroups''​ which is a Hash Reference of this form:   * You can also get groups in ''​$hGroups''​ which is a Hash Reference of this form:
 <code perl> <code perl>
Line 209: Line 212:
 <note important>​Don'​t forget to create an index on the field used to find users (uid by default)</​note>​ <note important>​Don'​t forget to create an index on the field used to find users (uid by default)</​note>​
  
-<note tip>To avoid having ​group dn stored ​in sessions datas, you can use a macro to rewrite memberOf: +<note tip>To avoid storing the full group DNs in session data, you can use a macro to rewrite ​''​memberOf''​:
-  * Exported variables +
-<​code>​ +
-ldapgroups -> memberOf +
-</​code>​ +
-For now, ldapgroups contains "​cn=admin,​dmdName=groups,​dc=example,​dc=com cn=su,​dmdName=groups,​dc=example,​dc=com"​+
  
-  * A little ​macro: +  * In *Exported variables*, export the ''​memberof''​ LDAP attribute as a ''​ldapGroups''​ session variable 
-<code perl> +    * key: ''​memberof''​ 
-ldapgroups -> join(" ",($ldapgroups ​=~ /​cn=(.*?​),/​g))+    * value: ''​ldapGroups''​ 
 + 
 +  * Next, add a ''​ldapGroups'' ​macro that will overwrite the exported attribute 
 +    * key: ''​ldapGroups''​ 
 +    * value:  
 +<code="perl"
 +join("",($ldapGroups ​=~ /​cn=(.*?​),/​g))
 </​code>​ </​code>​
-Now ldapgroups contains "admin su"+ 
 +''​ldapGroups''​ should now contain something like ''​adminsu''​ just like it would if you had used the regular, slower group resolution mechanism. 
 </​note>​ </​note>​