[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthType Basic (with ext LDAP)

From: Scott R. Keszler <keszler_at_srkconsulting.com>
Date: Sat, 19 Oct 2013 16:30:07 +0000 (UTC)

> From: "Ben Reser" <ben_at_reser.org> Sent: Friday, October 18, 2013 1:51:56 PM
> On 10/18/13 10:01 AM, Naumenko, Roman wrote:
> > What I noticed is that svn server making a request for each svn URI or
> > operation, which neither LDAP server likes nor users that could be
> > waiting for their turn to be authenticated and see delays in svn server
> > response.
> >
> > Could somebody point me where the problem is?
> > I'd expect only one authentication request from the server when user
> > presents himself first time (or after cache expires).
>
> This is a feature. It allows you to use Apache authentication setups that
> are path based like mod_authz_svn is. In your case (and most users case) the
> only authentication handler that cares about the path is mod_authz_svn, in which
> case you can use the mod_dav_svn configuration directive "SVNPathAuthz
> short_circuit" which will prevent subrequests from being generated for
> additional paths that a request touches other than the path in the request
> URI and instead simply ask mod_authz_svn to process the path directly. This will
> speed up your server by quite a bit since subrequests are slow as well as
> resolving your problem with LDAP.

Another option is caching the LDAP requests to avoid beating up the LDAP server(s).

# Allocate maximum of 256K RAM for cache
LDAPSharedCacheSize 262144

# Save 1K cache entries for successful search/binds
LDAPCacheEntries 1024

# Keep entries in cache for 8 hours for successful search/binds
LDAPCacheTTL 28800

# Save 1K cache entries for successful compare operations
LDAPOpCacheEntries 1024

# Keep entries in cache for 8 hours for successful compare operations
LDAPOpCacheTTL 28800
Received on 2013-10-19 18:30:55 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.