Return-Path: X-Original-To: apmail-archiva-dev-archive@www.apache.org Delivered-To: apmail-archiva-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CC0DF86B5 for ; Wed, 24 Aug 2011 06:46:01 +0000 (UTC) Received: (qmail 75041 invoked by uid 500); 24 Aug 2011 06:46:00 -0000 Delivered-To: apmail-archiva-dev-archive@archiva.apache.org Received: (qmail 74149 invoked by uid 500); 24 Aug 2011 06:45:47 -0000 Mailing-List: contact dev-help@archiva.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@archiva.apache.org Delivered-To: mailing list dev@archiva.apache.org Received: (qmail 74104 invoked by uid 99); 24 Aug 2011 06:45:44 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Aug 2011 06:45:44 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of odeaching@gmail.com designates 209.85.161.42 as permitted sender) Received: from [209.85.161.42] (HELO mail-fx0-f42.google.com) (209.85.161.42) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Aug 2011 06:45:37 +0000 Received: by fxe23 with SMTP id 23so747721fxe.15 for ; Tue, 23 Aug 2011 23:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=tPnc6Pk9RaVsRC87gkMmJ/E6B/HEvVvU37PZ/9rZad4=; b=LSPSAuhaZTYFxNW0oxwsBk/Y5Ncghv9aCcgBJJn1mkIE9LyB9T/7YWQZcbg834ilFu 2BWO9F97gRU2MIT7iM/MgbNPzG54dLcfMjfk7eHZRQhvJrHneMJKrM7jSu1t1VeYiIWI +lz54IGPET0tvhf2I8UHWBT2xkbXc5j6Yw8GU= MIME-Version: 1.0 Received: by 10.223.54.66 with SMTP id p2mr6666246fag.143.1314168316582; Tue, 23 Aug 2011 23:45:16 -0700 (PDT) Sender: odeaching@gmail.com Received: by 10.223.111.75 with HTTP; Tue, 23 Aug 2011 23:45:16 -0700 (PDT) Date: Wed, 24 Aug 2011 14:45:16 +0800 X-Google-Sender-Auth: 7unneWP0MuIy0TaaYbanAdpTI3s Message-ID: Subject: Archiva issue with LDAP (MRM-1488) From: Deng Ching To: dev@archiva.apache.org Content-Type: multipart/alternative; boundary=0015174486c0af5cda04ab3aa7c7 --0015174486c0af5cda04ab3aa7c7 Content-Type: text/plain; charset=ISO-8859-1 Hi, Jev and I are currently working on MRM-1488 (Using Archiva as proxy for downloading artifacts is very slow when used with LDAP authentication). The problem we saw here was that for each artifact request, authentication happens which in turn results to a call to the LDAP server. To fix this, we're planning to use an in-memory cache for the LDAP credentials. For every authentication request made, Redback will: 1. look for the user in the cache 2. if user is found in the cache, compare credentials - if it matches, return successful - if it doesn't match, reject it 3. if user is not found in the cache - retrieve user from LDAP server - check provided credentials against the retrieved user - if it matches, return successful and add retrieved user to the cache - if it doesn't match, reject it We're planning to use EhCache for this so we can also set a TTL (time-to-live) for the cached objects. A password change done from the webapp would flush the user in the cache. Also, in the logs, we've noticed a number of calls to the LDAP server (search for users then authenticate) which may not be necessary so we'll also check if we can improve those. Any thoughts or comments? Thanks, Deng --0015174486c0af5cda04ab3aa7c7--