From: Howard Chu Date: Wed, 19 Aug 2009 08:35:05 +0000 (+0000) Subject: ITS#6152 bind caching X-Git-Tag: ACLCHECK_0~288 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e4c06b310cb9113305b8a00e2ce7a9602eaa5ec6;p=openldap ITS#6152 bind caching --- diff --git a/doc/man/man5/slapo-pcache.5 b/doc/man/man5/slapo-pcache.5 index 62947e2e98..33c91132ae 100644 --- a/doc/man/man5/slapo-pcache.5 +++ b/doc/man/man5/slapo-pcache.5 
@@ -133,6 +133,29 @@ will only be refreshed while they have not expired, so the should be larger than the for this option to be useful. Entries are not refreshed by default ( set to 0). +.TP +.B pcacheBind +Specifies a template for caching Simple Bind credentials based on an +already defined \fBpcacheTemplate\fP. The is similar +to a except that it may have some values present. Its +purpose is to allow the overlay to generate filters similar to what other +applications do when they do a Search immediately before a Bind. E.g., +if a client like nss_ldap is configured to search for a user with the +filter "(&(objectClass=posixAccount)(uid=))" then the corresponding +template "(&(objectClass=posixAccount)(uid=))" should be used here. When +converted to a regular template e.g. "(&(objectClass=)(uid=))" this +template and the must match an already defined +\fBpcacheTemplate\fP clause. The "time to refresh" determines the +time interval after which the cached credentials will be refreshed. The +first Bind request that occurs after that time will trigger the refresh +attempt. Refreshes are not performed when the overlay is Offline. There +is no "time to live" parameter for the Bind credentials; the credentials +will expire according to the \fBpcacheTemplate\fP ttl. The and + should match the search scope and base used by the authentication +clients. The cached credentials are not stored in cleartext, they are +hashed using the default password hash. +By default Bind caching is not enabled. + .TP .B pcachePosition { head | tail } Specifies whether the response callback should be placed at the
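Review bot: the new pcacheBind entry leaves the security-relevant behaviour of the cache implicit in its closing sentences ("Refreshes are not performed when the overlay is Offline" and "the credentials will expire according to the \fBpcacheTemplate\fP ttl"). The text should say outright whether a Simple Bind is answered from the cached hash between refreshes. If it is, a password that has been changed or an account that has been disabled on the remote server keeps authenticating here until the next refresh or until the template ttl expires, and indefinitely within that ttl while Offline. One sentence stating this, and advising a short "time to refresh" where prompt revocation matters, would let administrators size the values deliberately. The sentence "hashed using the default password hash" would also be more useful with a cross-reference to the password-hash setting in slapd.conf(5), since the strength of the stored credentials depends on that choice. It also has a comma splice: "not stored in cleartext; they are hashed" reads better.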