Change the default value of AuthLDAPMaxSubGroupDepth, so sub-group searching
authorEric Covener <covener@apache.org>
Tue, 24 Sep 2013 12:14:57 +0000 (12:14 +0000)
committerEric Covener <covener@apache.org>
Tue, 24 Sep 2013 12:14:57 +0000 (12:14 +0000)
is opt-in.  Not intended for 2.4 backport.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1525866 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
docs/manual/mod/mod_authnz_ldap.xml
modules/aaa/mod_authnz_ldap.c

diff --git a/CHANGES b/CHANGES
index 89018a0f86abab04315810962789974c8aa9b4c9..f461135f248f00aaeb3b4ed95e8b89b368abf0b6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
+     to avoid performance problems when subgroups aren't in use. [Eric Covener]
+
   *) mod_syslog: New module implementing syslog ap_error_log provider.
      Previously, this code was part of core, now it's in separate module.
      [Jan Kaluza]
index c3d033a1241aa14c96145bec50a9dc3ed7dcaef8..c9d13a736e409a482f6e1062ff0bc57e27ffb814 100644 (file)
@@ -1074,11 +1074,11 @@ group membership</description>
 <description>Specifies the maximum sub-group nesting depth that will be
 evaluated before the user search is discontinued.</description>
 <syntax>AuthLDAPMaxSubGroupDepth <var>Number</var></syntax>
-<default>AuthLDAPMaxSubGroupDepth 10</default>
+<default>AuthLDAPMaxSubGroupDepth 0</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>
-<compatibility>Available in version 2.3.0 and later</compatibility>
+<compatibility>Available in version 2.3.0 and later, defaulted to 10 in 2.4.x and early 2.5</compatibility>
 
 <usage>
    <p>When this directive is set to a non-zero value <code>X</code>
@@ -1094,8 +1094,8 @@ evaluated before the user search is discontinued.</description>
    <p> When <directive>AuthLDAPSubGroupAttribute</directive> overlaps with
    <directive>AuthLDAPGroupAttribute</directive> (as it does by default and
    as required by common LDAP schemas), uncached searching for subgroups in 
-   large groups can be very slow. If you use large, non-nested groups, set 
-   <directive>AuthLDAPMaxSubGroupDepth</directive> to zero.</p>
+   large groups can be very slow. If you use large, non-nested groups, keep 
+   <directive>AuthLDAPMaxSubGroupDepth</directive> set to zero.</p>
    </note>
 
 </usage>
index b1c5740c5d29e6ae4baf53ef543af7dc35ac2299..ed8feb34702eefd96c6227ad4c254e726430e8ad 100644 (file)
@@ -348,7 +348,7 @@ static void *create_authnz_ldap_dir_config(apr_pool_t *p, char *d)
     sec->deref = always;
     sec->group_attrib_is_dn = 1;
     sec->secure = -1;   /*Initialize to unset*/
-    sec->maxNestingDepth = 10;
+    sec->maxNestingDepth = 0;
     sec->sgAttributes = apr_pcalloc(p, sizeof (char *) * GROUPATTR_MAX_ELTS + 1);
 
     sec->user_is_dn = 0;
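Review bot: Setting `sec->maxNestingDepth = 0` silently changes authorization results for existing configurations that relied on the implicit depth of 10: members reachable only through a nested group presumably stop matching `Require ldap-group`, and any negated group requirement would then stop excluding them. The line should carry a comment saying so, e.g. `/* 0 = sub-group search off (opt-in); nested members match only if AuthLDAPMaxSubGroupDepth is set */`, and the CHANGES entry would be clearer if it named the access-control effect rather than only performance. Separately, the unchanged allocation on the next line computes `sizeof (char *) * GROUPATTR_MAX_ELTS + 1`, which adds one byte rather than one terminator slot; `sizeof (char *) * (GROUPATTR_MAX_ELTS + 1)` looks like the intent, though how sgAttributes is indexed is outside this hunk. create_authnz_ldap_dir_config starts and ends outside the hunk.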