
Enabled negative caching on attribute comparisons in the LDAP cache.

Fixed a problem where the default cache TTL was set in milliseconds
not microseconds causing the cache to time out almost immediately.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90340 13f79535-47bb-0310-9956-ffa450edef68
Graham Leggett
2001-08-18 21:10:03 +00:00
parent ac47087550
commit 38c3d804d5
5 changed files with 50 additions and 23 deletions


@@ -1,5 +1,10 @@
Changes with Apache 2.0.25-dev Changes with Apache 2.0.25-dev
*) Enabled negative caching on attribute comparisons in the LDAP cache.
Fixed a problem where the default cache TTL was set in milliseconds
not microseconds causing the cache to time out almost immediately.
[Graham Leggett]
*) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
module code to follow APR. [Graham Leggett] module code to follow APR. [Graham Leggett]


@@ -505,8 +505,8 @@ int mod_auth_ldap_auth_checker(request_rec *r)
case LDAP_COMPARE_TRUE: { case LDAP_COMPARE_TRUE: {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
"[%d] auth_ldap authorise: require group: " "[%d] auth_ldap authorise: require group: "
"authorisation successful (attribute %s)", "authorisation successful (attribute %s) [%s][%s]",
getpid(), ent[i].name); getpid(), ent[i].name, ldc->reason, ldap_err2string(result));
return OK; return OK;
} }
default: { default: {


@@ -60,16 +60,6 @@
* Copyright 1999-2001 Dave Carrigan * Copyright 1999-2001 Dave Carrigan
*/ */
/*
* FIXME:
*
* - The compare cache presently does not have the ability to
* cache negatively. This has the negative effect of requiring
* a connect/bind/compare/unbind/disconnect when two or more
* atrributes are optional for group membership, and performance
* sucks as a result.
*/
#include <apr_ldap.h> #include <apr_ldap.h>
#ifdef APU_HAS_LDAP #ifdef APU_HAS_LDAP
@@ -209,7 +199,7 @@ void util_ldap_connection_close(util_ldap_connection_t *ldc)
/* /*
* Destroys an LDAP connection by unbinding. This function is registered * Destroys an LDAP connection by unbinding. This function is registered
* with the pool cleanup function - causing the LDAP connections to be * with the pool cleanup function - causing the LDAP connections to be
* shut down cleanly on thread exit. * shut down cleanly on graceful restart.
*/ */
apr_status_t util_ldap_connection_destroy(void *param) apr_status_t util_ldap_connection_destroy(void *param)
{ {
@@ -646,6 +636,7 @@ int util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
the_compare_node.dn = (char *)dn; the_compare_node.dn = (char *)dn;
the_compare_node.attrib = (char *)attrib; the_compare_node.attrib = (char *)attrib;
the_compare_node.value = (char *)value; the_compare_node.value = (char *)value;
the_compare_node.result = 0;
compare_nodep = util_ald_cache_fetch(curl->compare_cache, &the_compare_node); compare_nodep = util_ald_cache_fetch(curl->compare_cache, &the_compare_node);
@@ -659,8 +650,22 @@ int util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
/* ...and it is good */ /* ...and it is good */
/* unlock this read lock */ /* unlock this read lock */
apr_lock_release(util_ldap_cache_lock); apr_lock_release(util_ldap_cache_lock);
ldc->reason = "Comparison successful (cached)"; if (LDAP_COMPARE_TRUE == compare_nodep->result) {
return LDAP_COMPARE_TRUE; ldc->reason = "Comparison true (cached)";
return compare_nodep->result;
}
else if (LDAP_COMPARE_FALSE == compare_nodep->result) {
ldc->reason = "Comparison false (cached)";
return compare_nodep->result;
}
else if (LDAP_NO_SUCH_ATTRIBUTE == compare_nodep->result) {
ldc->reason = "Comparison no such attribute (cached)";
return compare_nodep->result;
}
else {
ldc->reason = "Comparison undefined (cached)";
return compare_nodep->result;
}
} }
} }
/* unlock this read lock */ /* unlock this read lock */
@@ -685,15 +690,30 @@ start_over:
ldc->reason = "ldap_compare_s() failed with server down"; ldc->reason = "ldap_compare_s() failed with server down";
goto start_over; goto start_over;
} }
if (result == LDAP_COMPARE_TRUE) { ldc->reason = "Comparison complete";
/* compare succeeded; caching result */ if ((LDAP_COMPARE_TRUE == result) ||
(LDAP_COMPARE_FALSE == result) ||
(LDAP_NO_SUCH_ATTRIBUTE == result)) {
/* compare completed; caching result */
apr_lock_acquire_rw(util_ldap_cache_lock, APR_WRITER); apr_lock_acquire_rw(util_ldap_cache_lock, APR_WRITER);
the_compare_node.lastcompare = curtime; the_compare_node.lastcompare = curtime;
the_compare_node.result = result;
util_ald_cache_insert(curl->compare_cache, &the_compare_node); util_ald_cache_insert(curl->compare_cache, &the_compare_node);
apr_lock_release(util_ldap_cache_lock); apr_lock_release(util_ldap_cache_lock);
if (LDAP_COMPARE_TRUE == result) {
ldc->reason = "Comparison true (adding to cache)";
return LDAP_COMPARE_TRUE;
}
else if (LDAP_COMPARE_FALSE == result) {
ldc->reason = "Comparison false (adding to cache)";
return LDAP_COMPARE_FALSE;
}
else {
ldc->reason = "Comparison no such attribute (adding to cache)";
return LDAP_NO_SUCH_ATTRIBUTE;
}
} }
ldc->reason = "Comparison complete";
return result; return result;
} }
@@ -888,7 +908,7 @@ static const char *util_ldap_set_cache_ttl(cmd_parms *cmd, void *dummy, const ch
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
&ldap_module); &ldap_module);
st->search_cache_ttl = atol(ttl) * 1000; st->search_cache_ttl = atol(ttl) * 1000000;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
"[%d] ldap cache: Setting cache TTL to %ld microseconds.", "[%d] ldap cache: Setting cache TTL to %ld microseconds.",
@@ -922,7 +942,7 @@ static const char *util_ldap_set_opcache_ttl(cmd_parms *cmd, void *dummy, const
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
&ldap_module); &ldap_module);
st->compare_cache_ttl = atol(ttl) * 1000; st->compare_cache_ttl = atol(ttl) * 1000000;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
"[%d] ldap cache: Setting operation cache TTL to %ld microseconds.", "[%d] ldap cache: Setting operation cache TTL to %ld microseconds.",
@@ -978,9 +998,9 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
st->pool = p; st->pool = p;
st->cache_bytes = 100000; st->cache_bytes = 100000;
st->search_cache_ttl = 600000; st->search_cache_ttl = 600000000;
st->search_cache_size = 1024; st->search_cache_size = 1024;
st->compare_cache_ttl = 600000; st->compare_cache_ttl = 600000000;
st->compare_cache_size = 1024; st->compare_cache_size = 1024;
st->connections = NULL; st->connections = NULL;
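Review bot: In the cached-hit branch of util_ldap_cache_compare (the hunk at -659,8 +650,22), the new code reads `compare_nodep->result` after `apr_lock_release(util_ldap_cache_lock)`, so the node is dereferenced without the read lock held. If `util_ald_cache_fetch` returns a pointer into the shared cache, as it appears to, a writer could replace or purge that entry between the release and the read, and the authorisation result handed back to the caller would then come from freed or reused memory. Copy the value first, `int cached_result = compare_nodep->result;` before the release, and branch on `cached_result` afterwards. The four branches all return the same value and differ only in `ldc->reason`, so a single `return cached_result;` after setting the reason would be enough. The function's body starts and ends outside these hunks.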


@@ -168,6 +168,7 @@ void *util_ldap_compare_node_copy(void *c)
node->attrib = util_ald_strdup(n->attrib); node->attrib = util_ald_strdup(n->attrib);
node->value = util_ald_strdup(n->value); node->value = util_ald_strdup(n->value);
node->lastcompare = n->lastcompare; node->lastcompare = n->lastcompare;
node->result = n->result;
return node; return node;
} }


@@ -153,6 +153,7 @@ typedef struct util_compare_node_t {
const char *attrib; const char *attrib;
const char *value; const char *value;
apr_time_t lastcompare; apr_time_t lastcompare;
int result;
} util_compare_node_t; } util_compare_node_t;
/* /*