archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deng Ching <och...@apache.org>
Subject Archiva issue with LDAP (MRM-1488)
Date Wed, 24 Aug 2011 06:45:16 GMT
Hi,

Jev and I are currently working on MRM-1488 (Using Archiva as proxy for
downloading artifacts is very slow when used with LDAP authentication). The
problem we saw here was that for each artifact request, authentication
happens which in turn results to a call to the LDAP server.

To fix this, we're planning to use an in-memory cache for the LDAP
credentials. For every authentication request made, Redback will:

1. look for the user in the cache
2. if user is found in the cache, compare credentials
     - if it matches, return successful
     - if it doesn't match, reject it
3. if user is not found in the cache
     - retrieve user from LDAP server
     - check provided credentials against the retrieved user
     - if it matches, return successful and add retrieved user to the cache
     - if it doesn't match, reject it

We're planning to use EhCache for this so we can also set a TTL
(time-to-live) for the cached objects. A password change done from the
webapp would flush the user in the cache.
Also, in the logs, we've noticed a number of calls to the LDAP server
(search for users then authenticate) which may not be necessary so we'll
also check if we can improve those.

Any thoughts or comments?

Thanks,
Deng

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message