[security-dev] [PicketLink IDM] - Loading LDAP Attributes

Boleslaw Dawidowicz bdawidow at redhat.com
Fri Nov 30 04:10:48 EST 2012


Yes, I think it makes a lot of sense to not load all attributes by default. IIRC in 1.x nothing beyond uid/cn is loaded during simpler operations like membership resolution, and this came from both perf profiling and user/customer complaints.

+1 for configuring a minimum set of attributes and then loading all the rest on a dedicated query.
 

On Nov 30, 2012, at 3:02 AM, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:

> Bolek (GateIn) has probably seen the volume for LDAP use cases. He can 
> tell us if this is a common issue.
> 
> In my opinion, we should not worry about the number of attributes for 
> the LDAP use case for the first release.
> 
> Alternatively, we can keep it in the API for future implementation (when 
> users demand it).
> 
> On 11/29/2012 07:34 PM, Pedro Igor Silva wrote:
>> Hi All,
>> 
>>     Anil, Shane and I have been discussing whether it is worth adding a configuration to the LDAP store that allows specifying which attributes should be loaded when retrieving users, roles and groups from the LDAP server.
>> 
>>     The point is that LDAP entries can have a lot of attributes, and if we pre-define which attributes should be loaded (and managed by the IDM) we may get better performance when retrieving the entries from the server.
>> 
>>      This feature is related to lazy-loaded attributes.
>> 
>> Regards.
>> Pedro Igor