directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: [ApacheDS] Bind performance
Date Mon, 17 Jul 2006 18:04:31 GMT
Alex Karasulu wrote:
> Noel J. Bergman wrote:
>> Alex,
>> In many real-world cases, e.g., application servers binding to LDAP, 
>> you are
>> going to see a small number of frequently re-used credentials.  
>> Judging from
>> your results, it appears that performance would benefit greatly from
>> exposing a credential cache closer to the bind code.  A trigger, for
>> example, could be used to invalidate the credential cache entry, which
>> addresses the issue of stale cache entries.
> This is a *really* good idea!  Doing this correctly is not that easy 
> after some thought.  I know I was enthusiastic over the phone but I 
> realized some issues due to the design.
> I'm a bit upset because DN normalization, and the fact that other kinds 
> of binds get in the way of doing this easily with the big bang we're 
> hoping for.  I'm afraid the best we can do is maintain a credential 
> cache in the SimpleAuthenticator yet this is deep inside the core and 
> not as close to the front-end code.  If the front-end's BindHandler 
> could do this correctly then the performance would go through the roof.
> BTW the check's to invalidate this cache need to be managed using the 
> modify() method of the AuthenticationService (Interceptor) in the core. 
> It can call invalidateCredentials( LdapDN ) on the SimpleAuthenticator.
> It's possible to do this to improve performance by preventing certain 
> recurrent lookups.  But this is will give us less of a performance gain 
> than just doing it in the BindHandler :(.  It is however more correct to 
> do it in the SimpleAuthenticator.

Ok I did the optimization here locally and ran the regression tests.  We 
got a 27% improvement overall with subsequent requests.  Here take a 
look at the end of this page:

This is worth finishing up the optimization with the invalidation code.


View raw message