https://bz.apache.org/bugzilla/show_bug.cgi?id=61904

            Bug ID: 61904
           Summary: Option to cache negative LDAP searches
           Product: Apache httpd-2
           Version: 2.4.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ldap
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

According to the documentation:

"The search/bind cache is used to cache all searches that resulted in
successful binds. Negative results (i.e., unsuccessful searches, or searches
that did not result in a successful bind) are not cached. The rationale behind
this decision is that connections with invalid credentials are only a tiny
percentage of the total number of connections, so by not caching invalid
credentials, the size of the cache is reduced."

This is extremely bad for our use case. We configure multiple providers using
AuthnProviderAlias for different LDAP servers. Now assume we have providers
'a', 'b', and 'c' in order. A user who is valid for provider 'c'
authenticates. For every subsequent request, servers 'a' and 'b' are queried
over and over again for the same user (which does not exist), and only the
cache for the URL configured in provider 'c' will hit successfully.

In our scenario this causes severe performance issues. It would be great to
have an option to switch on caching for negative hits - even at the cost of
being much more memory intensive.
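
The behaviour reported above can be reproduced with a small model. This is an added example, not mod_ldap code and not part of the original report; the class, the directory contents, the 600-second TTL and the request count are all assumptions made for illustration.

```python
from collections import Counter

# Constructed directory contents: which users each LDAP server knows.
DIRECTORIES = {"a": {"alice"}, "b": {"bob"}, "c": {"carol"}}
PROVIDER_ORDER = ["a", "b", "c"]  # order in which the aliased providers are tried


class ProviderChain:
    """Toy model of an ordered provider chain with a per-provider search cache."""

    def __init__(self, cache_negative, ttl=600):
        self.cache_negative = cache_negative
        self.ttl = ttl
        self.cache = {}            # (provider, user) -> (found, expires_at)
        self.searches = Counter()  # backend searches actually sent, per provider

    def _search(self, provider, user, now):
        entry = self.cache.get((provider, user))
        if entry and entry[1] > now:
            return entry[0]                  # cache hit: no query to the server
        self.searches[provider] += 1         # cache miss: query the server
        found = user in DIRECTORIES[provider]
        if found or self.cache_negative:     # positive-only unless opted in
            self.cache[(provider, user)] = (found, now + self.ttl)
        return found

    def authenticate(self, user, now):
        """Return the first provider that knows the user, or None."""
        for provider in PROVIDER_ORDER:
            if self._search(provider, user, now):
                return provider
        return None


def simulate(cache_negative, requests=100, user="carol"):
    """Send one request per second and return searches per provider."""
    chain = ProviderChain(cache_negative)
    for second in range(requests):
        assert chain.authenticate(user, now=second) == "c"
    return dict(chain.searches)


if __name__ == "__main__":
    print("positive-only cache:", simulate(False))
    print("with negative cache:", simulate(True))
```

In this model a negative entry also means an account created on 'a' or 'b' after the first lookup is not seen there until the entry's TTL expires, so a negative-cache TTL would need to be chosen with that delay in mind.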
