# free_delay = 10
}
}
+
+ #
+ # ### Bind Connection Pool
+ #
+ # This connection pool is used for LDAP binds used to authenticate requests when
+ # calling the ldap module in authenticate context. If passwords are retrieved
+ # from the ldap directory and FreeRADIUS performs the authentication then this is
+ # not used.
+ #
+ # The options are essentially identical to the pool section above with certain
+ # limitations. Since only one bind operation can be in progress on a connection at
+ # a time, `per_connection_max` and `per_connection_target` are always set to 1.
+ #
+ # This limitation means that `max` represents the maximum number of in progress
+ # binds which there can be on a single thread.
+ #
+ bind_pool {
+ start = 0
+ min = 1
+ max = 1000
+ }
}
#
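Review bot: The new `bind_pool` section ships `max = 1000` without relating that figure to the directory server's own limits. The text above says only one bind can be in progress per connection and that `max` applies per thread, so the effective ceiling on simultaneous bind connections is `max` multiplied by the number of worker threads. A burst of authentication requests or a slow directory could therefore open more connections than the LDAP server is configured to accept. I would add a sizing line above `max`, for example `# Keep (max x number of worker threads) below the connection limit of the LDAP server.`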
fr_rb_tree_t *trunks; //!< Tree of LDAP trunks used by this thread
fr_ldap_config_t *config; //!< Module instance config
fr_trunk_conf_t *trunk_conf; //!< Module trunk config
+ fr_trunk_conf_t *bind_trunk_conf; //!< Trunk config for bind auth trunk
fr_event_list_t *el; //!< Thread event list for callbacks / timeouts
fr_connection_t *conn; //!< LDAP connection used for bind auths
fr_rb_tree_t *binds; //!< Tree of outstanding bind auths
{ FR_CONF_OFFSET("pool", FR_TYPE_SUBSECTION, rlm_ldap_t, trunk_conf), .subcs = (void const *) fr_trunk_config },
+ { FR_CONF_OFFSET("bind_pool", FR_TYPE_SUBSECTION, rlm_ldap_t, bind_trunk_conf),
+ .subcs = (void const *) fr_trunk_config },
+
CONF_PARSER_TERMINATOR
};
t->config = &inst->handle_config;
t->trunk_conf = &inst->trunk_conf;
+ t->bind_trunk_conf = &inst->bind_trunk_conf;
t->el = mctx->el;
/*
inst->cache_da = inst->group_da; /* Default to the group_da */
}
+ /*
+ * Trunks used for bind auth can only have one request in flight per connection.
+ */
+ inst->bind_trunk_conf.target_req_per_conn = 1;
+ inst->bind_trunk_conf.max_req_per_conn = 1;
+
xlat = xlat_func_register_module(NULL, mctx, mctx->inst->name, ldap_xlat, FR_TYPE_STRING);
xlat_func_mono_set(xlat, ldap_xlat_arg);
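Review bot: The two assignments to `inst->bind_trunk_conf` overwrite whatever the parser stored, and nothing tells the operator that a configured value was discarded. The `bind_pool` entry added to `module_config` reuses `fr_trunk_config`, so a section that sets `per_connection_max` or `per_connection_target` is presumably accepted and then silently ignored. Because this pool carries authentication binds, the effective limits should be visible at startup: log a warning when the section explicitly sets either option to something other than 1. At minimum, extend the comment with `* Any per_connection_max / per_connection_target given in bind_pool is overridden here.` The enclosing function starts and ends outside the hunk, so the available logging context is not visible from here.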
fr_ldap_config_t handle_config; //!< Connection configuration instance.
fr_trunk_conf_t trunk_conf; //!< Trunk configuration
+ fr_trunk_conf_t bind_trunk_conf; //!< Trunk configuration for trunk used for bind auths
} rlm_ldap_t;
/** Module environment used in LDAP authorization