[security-dev] IDM: LDAP Custom Attributes

[Anil Saldhana]

Pedro,
    we had discussions on performance associated in querying custom 
attributes in the LDAP implementation. I realized that since we will 
have an identity cache operating in the IDM layer. The cache needs to 
have LRU entries (or whatever policy that gets configured) thus avoiding 
round trips to the Identity Store.

Bolek had opined about the use of LDAP entry change notifications to 
update the IDM cache. This is when the admin may have used some form of 
LDAP browser to update the entries or update happens via software not 
controlled by IDM.

Regards,
Anil