On Dec 6, 2012, at 3:06 AM, Anil Saldhana <Anil.Saldhana(a)redhat.com> wrote:
Pedro,
we had discussions on performance associated in querying custom
attributes in the LDAP implementation. I realized that since we will
have an identity cache operating in the IDM layer. The cache needs to
have LRU entries (or whatever policy that gets configured) thus avoiding
round trips to the Identity Store.
Bolek had opined about the use of LDAP entry change notifications to
update the IDM cache. This is when the admin may have used some form of
LDAP browser to update the entries or update happens via software not
controlled by IDM.
Yes, we had a lot of request to cover such scenario in portal. IdentityStore provisioned
using external tools and some REST/JMX hook to flush caches or resync db state if it pulls
from LDAP.
Regards,
Anil
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev