Hello Matt, Sorry for the late response, I am new to this mailing list thing and gmail doesn't like to cooperate. There is no problem materialising the cached authentications. rgw restarts happen rarely, and only when a new stable ceph version is available. We really want the cache to be in-memory because of the sheer amount of queries that have to be checked for the ldap authentication. A configurable cache size is desired along with a TTL on the cached auth. About the replacement algorithm an LRU policy would suffice. thanks, Theo On 7 February 2018 at 12:38, Matt Benjamin <mbenjami@xxxxxxxxxx> wrote: > I have plans to implement an in-memory cache--if sized correctly, do > you see a problem with this (materializing cached authentications to > disk would remove a lot of the benefit of caching for most potential > users)? > > regards, > > Matt > > On Wed, Feb 7, 2018 at 5:43 AM, Theofilos Mouratidis > <mtheofilos@xxxxxxxxx> wrote: >> Hello cephers, >> >> In CERN, we would like to use the ldap authentication of the S3/Swift >> radosgw api, for its. >> features. I did some tests and I found out that for every request by >> the same user, >> the radosgw redirects the authentication to the ldap server. In case >> this goes public, >> it might cause a DDOS to the ldap server. We would kindly ask for it >> to be implemented. >> If this is not feasible right now, can you point us the way to create >> a PR for this? >> >> (Some change around "/src/rgw/librgw.cc:528", use rocksdb?) >> >> Thanks, >> Theofilos Mouratidis >> Storage Group, CERN >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > -- > > Matt Benjamin > Red Hat, Inc. > 315 West Huron Street, Suite 140A > Ann Arbor, Michigan 48103 > > http://www.redhat.com/en/technologies/storage > > tel. 734-821-5101 > fax. 734-769-8938 > cel. 734-216-5309 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
