httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 61904] New: Option to cache negative LDAP searches
Date Thu, 14 Dec 2017 12:17:32 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61904

            Bug ID: 61904
           Summary: Option to cache negative LDAP searches
           Product: Apache httpd-2
           Version: 2.4.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: markus.duft@ssi-schaefer.com
  Target Milestone: ---

According to the documentation:

"The search/bind cache is used to cache all searches that resulted in
successful binds. Negative results (i.e., unsuccessful searches, or searches
that did not result in a successful bind) are not cached. The rationale behind
this decision is that connections with invalid credentials are only a tiny
percentage of the total number of connections, so by not caching invalid
credentials, the size of the cache is reduced."

This is extremely bad for our use case. We configure multiple providers using
AuthnProviderAlias for different LDAP servers. Now assume we have providers
'a', 'b', and 'c' in order. A user who is valid for provider 'c'
authenticates. For every subsequent request, servers 'a' and 'b' are queried
over and over again for the same user (which does not exist), and only the
cache for the URL configured in provider 'c' will hit successfully.

In our scenario this causes severe performance issues. It would be great to
have an option to switch on caching for negative hits - even at the cost of
being much more memory intensive.

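A small model of the provider chain described in the report, as an added example that is not mod_ldap's code and not part of the original message: it counts backend LDAP round trips for providers 'a', 'b' and 'c' with and without a negative cache. The `Provider` class, the TTL and size bound on negative entries, and the user name `alice` are assumptions made for illustration; passwords and binds are not modelled.

```python
class Provider:
    """One LDAP-backed provider with its own cache (hypothetical model)."""

    def __init__(self, name, users, cache_negative=False, neg_ttl=60.0, max_neg=1000):
        self.name = name
        self.users = users              # constructed directory contents
        self.cache_negative = cache_negative
        self.neg_ttl = neg_ttl          # seconds a "not found" answer is trusted
        self.max_neg = max_neg          # bound: user names are client-supplied
        self.positive = set()           # users that authenticated successfully
        self.negative = {}              # user -> expiry time of the negative entry
        self.backend_queries = 0

    def authenticate(self, user, now):
        if user in self.positive:
            return True
        expiry = self.negative.get(user)
        if expiry is not None:
            if now < expiry:
                return False            # served from the negative cache
            del self.negative[user]     # expired: ask the server again
        self.backend_queries += 1       # round trip to the LDAP server
        if user in self.users:
            self.positive.add(user)
            return True
        if self.cache_negative:
            if len(self.negative) >= self.max_neg:
                # Evict the entry closest to expiry so the cache cannot grow
                # without limit when many unknown names are tried.
                del self.negative[min(self.negative, key=self.negative.get)]
            self.negative[user] = now + self.neg_ttl
        return False


def run_chain(cache_negative, requests=100, neg_ttl=60.0):
    """Send `requests` requests for 'alice', one per simulated second."""
    chain = [Provider("a", set(), cache_negative, neg_ttl),
             Provider("b", set(), cache_negative, neg_ttl),
             Provider("c", {"alice"}, cache_negative, neg_ttl)]
    for i in range(requests):
        # Providers are tried in order; any() stops at the first success.
        if not any(p.authenticate("alice", float(i)) for p in chain):
            raise RuntimeError("alice should authenticate via provider c")
    return {p.name: p.backend_queries for p in chain}


if __name__ == "__main__":
    print("positive cache only:", run_chain(False))
    print("with negative cache:", run_chain(True))
```

The TTL is the trade-off to watch: a user added to a directory after a negative entry was stored is still rejected by that provider until the entry expires.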

