diff options
| author | Eric Covener <covener@apache.org> | 2013-09-23 15:42:06 +0200 |
|---|---|---|
| committer | Eric Covener <covener@apache.org> | 2013-09-23 15:42:06 +0200 |
| commit | 96fd5003e1c054af17e238fe4da77c11a8b26928 (patch) | |
| tree | 99fcb313b582b8e627a2cafd278aa8d0560e21f5 /docs | |
| parent | Remove grossly outdated browser compatibility column (diff) | |
| download | apache2-96fd5003e1c054af17e238fe4da77c11a8b26928.tar.xz apache2-96fd5003e1c054af17e238fe4da77c11a8b26928.zip | |
add a note about sub-group searching and large groups.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1525588 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
| -rw-r--r-- | docs/manual/mod/mod_authnz_ldap.html.en | 9 | ||||
| -rw-r--r-- | docs/manual/mod/mod_authnz_ldap.xml | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 652c4c94c4..c0ff919944 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -1132,6 +1132,15 @@ evaluated before the user search is discontinued.</td></tr> <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a> section for a more detailed example.</p> + <div class="note"><h3>Nested groups performance</h3> + <p> When <code class="directive">AuthLDAPSubGroupAttribute</code> overlaps with + <code class="directive">AuthLDAPGroupAttribute</code> (as it does by default and + as required by common LDAP schemas), uncached searching for subgroups in + large groups can be very slow. If you use large, non-nested groups, set + <code class="directive">AuthLDAPMaxSubGroupDepth</code> to zero.</p> + </div> + + </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2> diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 7d22417eba..c3d033a124 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -1089,6 +1089,15 @@ evaluated before the user search is discontinued.</description> level <code>X</code> specified by this directive.</p> <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a> section for a more detailed example.</p> + + <note><title>Nested groups performance</title> + <p> When <directive>AuthLDAPSubGroupAttribute</directive> overlaps with + <directive>AuthLDAPGroupAttribute</directive> (as it does by default and + as required by common LDAP schemas), uncached searching for subgroups in + large groups can be very slow. If you use large, non-nested groups, set + <directive>AuthLDAPMaxSubGroupDepth</directive> to zero.</p> + </note> + </usage> </directivesynopsis> |