-
Feature Request
-
Resolution: Done
-
Critical
-
None
-
None
The LDAP realm should use a caching strategy to avoid excessive database load in the presence of per-request authentication traffic.
The realm implementation could maintain a synchronized LRU cache of one-time-initialize references to a cached DirContext or Attributes or binding or some combination of these. Because the cache is synchronized, the one-time-initialize object would be added under the lock and then the lock released before the object is populated and returned as a cached credential, allowing atomic action with a minimum of contention.
For each cached entity, a NamingListener could be established which would invalidate (or possibly update) the cached value as the database changes.
Alternatively, a NamingListener could be established for all identities, and each update would invalidate or update any cached values corresponding to the DN or resolved name.
This is a complex design topic so discussion is welcome.