<p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
section for a more detailed example.</p>
+ <div class="note"><h3>Nested groups performance</h3>
+ <p> When <code class="directive">AuthLDAPSubGroupAttribute</code> overlaps with
+ <code class="directive">AuthLDAPGroupAttribute</code> (as it does by default and
+ as required by common LDAP schemas), uncached searching for subgroups in
+ large groups can be very slow. If you use large, non-nested groups, set
+ <code class="directive">AuthLDAPMaxSubGroupDepth</code> to zero.</p>
+ </div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>
level <code>X</code> specified by this directive.</p>
<p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
section for a more detailed example.</p>
+
+ <note><title>Nested groups performance</title>
+ <p> When <directive>AuthLDAPSubGroupAttribute</directive> overlaps with
+ <directive>AuthLDAPGroupAttribute</directive> (as it does by default and
+ as required by common LDAP schemas), uncached searching for subgroups in
+ large groups can be very slow. If you use large, non-nested groups, set
+ <directive>AuthLDAPMaxSubGroupDepth</directive> to zero.</p>
+ </note>
+
</usage>
</directivesynopsis>
projects / apache / commitdiff