Re: [security-dev] IDM: LDAP Custom Attributes
----- Original Message -----
From: "Anil Saldhana" <Anil.Saldhana(a)redhat.com>
To: security-dev(a)lists.jboss.org
Sent: Thursday, December 6, 2012 12:06:03 AM
Subject: [security-dev] IDM: LDAP Custom Attributes
Pedro,
we had discussions on performance associated in querying custom
attributes in the LDAP implementation. I realized that since we will
have an identity cache operating in the IDM layer. The cache needs to
have LRU entries (or whatever policy that gets configured) thus
avoiding
round trips to the Identity Store.
You're right, one of the biggest challenges is how to perform well when querying
attributes that are not part of the LDAP schema. Those attributes are not searchable and
we need to make most of the query logic inside the store.
Bolek had opined about the use of LDAP entry change notifications to
update the IDM cache. This is when the admin may have used some form
of
LDAP browser to update the entries or update happens via software not
controlled by IDM.
Ok, going to consider that too.
Regards,
Anil
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev