[security-dev] [PicketLink IDM] - Loading LDAP Attributes
Boleslaw Dawidowicz
bdawidow at redhat.com
Fri Nov 30 04:10:48 EST 2012
Yes I think it makes a lot of sense to not load all attributes by default. IIRC in 1.x nothing beyond uid/cn is loaded during simpler operations like membership resolution and this came from both perf profiling and user/customers complains.
+1 for configuring minimum set of attributes and then load all the rest on dedicated query.
On Nov 30, 2012, at 3:02 AM, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
> Bolek (GateIn) has probably seen the volume for LDAP usecases. He can
> tell us if this is a common issue.
>
> In my opinion, we should not worry about the number of attributes for
> LDAP usecase for the first release.
>
> Alternatively, we can keep it in the API for future implementation(when
> users demand it).
>
> On 11/29/2012 07:34 PM, Pedro Igor Silva wrote:
>> Hi All,
>>
>> Anil, Shane and I have been discussing if is worth to add a configuration to the LDAP store that allows to specify which attributes should be loaded when retrieving users, roles and groups from the LDAP server.
>>
>> The point is that LDAP entries can have a lot of attributes and if we pre-define which attributes should be loaded (and managed by the IDM) we may have a better performance when retrieving the entries from the server.
>>
>> This feature is related with lazy loaded attributes.
>>
>> Regards.
>> Pedro Igor
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list