Re: RadosGW cache ldap auth

That sounds sensible.  I've pushed a draft implementation (not ready
for try at home):

https://github.com/ceph/ceph/pull/20624

Matt

On Tue, Feb 20, 2018 at 10:26 AM, Theofilos Mouratidis
<mtheofilos@xxxxxxxxx> wrote:
> Hello Matt,
>
> Sorry for the late response, I am new to this mailing list thing
> and gmail doesn't like to cooperate.
>
> There is no problem materialising the cached authentications.
> rgw restarts happen rarely, and only when a new stable ceph
> version is available. We really want the cache to be in-memory
> because of the sheer amount of queries that have to be
> checked for the ldap authentication. A configurable cache size
> is desired along with a TTL on the cached auth. About the
> replacement algorithm an LRU policy would suffice.
>
> thanks,
> Theo
>
>
> On 7 February 2018 at 12:38, Matt Benjamin <mbenjami@xxxxxxxxxx> wrote:
>> I have plans to implement an in-memory cache--if sized correctly, do
>> you see a problem with this (materializing cached authentications to
>> disk would remove a lot of the benefit of caching for most potential
>> users)?
>>
>> regards,
>>
>> Matt
>>
>> On Wed, Feb 7, 2018 at 5:43 AM, Theofilos Mouratidis
>> <mtheofilos@xxxxxxxxx> wrote:
>>> Hello cephers,
>>>
>>> In CERN, we would like to use the ldap authentication of the S3/Swift
>>> radosgw api, for its
>>> features. I did some tests and I found out that for every request by
>>> the same user,
>>> the radosgw redirects the authentication to the ldap server. In case
>>> this goes public,
>>> it might cause a DDOS to the ldap server. We would kindly ask for it
>>> to be implemented.
>>> If this is not feasible right now, can you point us the way to create
>>> a PR for this?
>>>
>>> (Some change around "/src/rgw/librgw.cc:528", use rocksdb?)
>>>
>>> Thanks,
>>> Theofilos Mouratidis
>>> Storage Group, CERN
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>>
>>
>> --
>>
>> Matt Benjamin
>> Red Hat, Inc.
>> 315 West Huron Street, Suite 140A
>> Ann Arbor, Michigan 48103
>>
>> http://www.redhat.com/en/technologies/storage
>>
>> tel.  734-821-5101
>> fax.  734-769-8938
>> cel.  734-216-5309



-- 

Matt Benjamin
Red Hat, Inc.
315 West Huron Street, Suite 140A
Ann Arbor, Michigan 48103

http://www.redhat.com/en/technologies/storage

tel.  734-821-5101
fax.  734-769-8938
cel.  734-216-5309
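
The cache requested in this thread (in-memory, configurable size, a TTL on each cached auth, LRU replacement), sketched as an added example; it is not the code in the linked pull request, and AuthCache, Lookup and the digest-style key are assumed names.

```cpp
#include <chrono>
#include <cstddef>
#include <list>
#include <string>
#include <unordered_map>

// Added example with hypothetical names; not the code in the Ceph PR.
enum class Lookup { Miss, Allow, Deny };

class AuthCache {
public:
  using Clock = std::chrono::steady_clock;
  AuthCache(std::size_t max_entries, std::chrono::seconds ttl)
    : max_entries_(max_entries), ttl_(ttl) {}

  // key: assumed to be a digest of (user, secret), never the plaintext,
  // so gateway memory does not hold reusable credentials.
  void put(const std::string& key, bool ok, Clock::time_point now) {
    auto it = index_.find(key);
    if (it != index_.end()) { lru_.erase(it->second); index_.erase(it); }
    lru_.push_front(Entry{key, ok, now + ttl_});
    index_[key] = lru_.begin();
    if (index_.size() > max_entries_) {  // evict least recently used
      index_.erase(lru_.back().key);
      lru_.pop_back();
    }
  }

  // Miss means the caller must ask the LDAP server and then call put().
  Lookup get(const std::string& key, Clock::time_point now) {
    auto it = index_.find(key);
    if (it == index_.end()) return Lookup::Miss;
    if (now >= it->second->expires) {  // TTL bounds how long a changed or
      lru_.erase(it->second);          // revoked credential is still honoured
      index_.erase(it);
      return Lookup::Miss;
    }
    lru_.splice(lru_.begin(), lru_, it->second);  // now most recently used
    return it->second->ok ? Lookup::Allow : Lookup::Deny;
  }
  std::size_t size() const { return index_.size(); }

private:
  struct Entry { std::string key; bool ok; Clock::time_point expires; };
  std::size_t max_entries_;
  std::chrono::seconds ttl_;
  std::list<Entry> lru_;
  std::unordered_map<std::string, std::list<Entry>::iterator> index_;
};
```

The TTL is the trade-off knob: a longer value sends fewer binds to the LDAP server, but a password change or account removal takes up to that long to reach the gateway.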