ldap auth: %variables in pass/user_attrs are now included in auth cache key.

This makes sure that the result won't be cached too aggressively, for example
if %{lport} or %{rip} was used as a field's value. Although each of these
fields just makes the cache less effective, so it's a good idea to avoid
variables entirely in the pass/user_attrs. An alternative is to use
passdb/userdb { override_fields }

diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index 0fcd16cb19941968289bce2bf84f3862a8b61f93..5e7b9de50fe2a609b601594cc97e7c20825a1937 100644 (file)
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -439,6 +439,7 @@ passdb_ldap_preinit(pool_t pool, const char *args)
        module->module.cache_key =
                auth_cache_parse_key(pool,
                                     t_strconcat(conn->set.base,
+                                                conn->set.pass_attrs,
                                                 conn->set.pass_filter, NULL));
        module->module.default_pass_scheme = conn->set.default_pass_scheme;
        return &module->module;

diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index 3eb9ef83bd7e10016cc8c74e8aac907720882141..146eae5191ba20d8466146f297c1a0b09aad6636 100644 (file)
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -269,6 +269,7 @@ userdb_ldap_preinit(pool_t pool, const char *args)
        module->module.cache_key =
                auth_cache_parse_key(pool,
                                     t_strconcat(conn->set.base,
+                                                conn->set.user_attrs,
                                                 conn->set.user_filter, NULL));
        return &module->module;
 }