From 9fa4ac629eb23f1ef80cca8dbb98059819f49656 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Sat, 23 Jan 2016 14:05:19 +0200 Subject: [PATCH] ldap auth: %variables in pass/user_attrs are now included in auth cache key. This makes sure that the result won't be cached too aggressively, for example if %{lport} or %{rip} was used as a field's value. Although each of these fields just makes the cache less effective, so it's a good idea to avoid variables entirely in the pass/user_attrs. An alternative is to use passdb/userdb { override_fields } --- src/auth/passdb-ldap.c | 1 + src/auth/userdb-ldap.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c index 0fcd16cb19..5e7b9de50f 100644 --- a/src/auth/passdb-ldap.c +++ b/src/auth/passdb-ldap.c @@ -439,6 +439,7 @@ passdb_ldap_preinit(pool_t pool, const char *args) module->module.cache_key = auth_cache_parse_key(pool, t_strconcat(conn->set.base, + conn->set.pass_attrs, conn->set.pass_filter, NULL)); module->module.default_pass_scheme = conn->set.default_pass_scheme; return &module->module; diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c index 3eb9ef83bd..146eae5191 100644 --- a/src/auth/userdb-ldap.c +++ b/src/auth/userdb-ldap.c @@ -269,6 +269,7 @@ userdb_ldap_preinit(pool_t pool, const char *args) module->module.cache_key = auth_cache_parse_key(pool, t_strconcat(conn->set.base, + conn->set.user_attrs, conn->set.user_filter, NULL)); return &module->module; } -- 2.47.3