directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <>
Subject Replacing Caching with LDAP Persistent Searches
Date Tue, 19 Mar 2019 12:42:55 GMT
This idea has been kicked around before, we discussed on the dev list a several months ago:

The biggest problem with caching is creates consistency problems between highly-available
and/or load-balanced nodes.  In today’s computing environment (everything’s running in
a container/cluster) it’s an untenable situation.

This is a proposal to replace fortress usage of ehchache with the LDAP persistent search control.

Specifically these cached datasets would be targeted:

 a. cache name="fortress.policies”
 b. cache name="fortress.ous”
 c. cache name="fortress.roles”
 d. cache name="fortress.admin.roles”
 e. cache name="fortress.pso”
 f. cache name="fortress.uso”
 g. cache name="fortress.dsd”
 h. cache name=“fortress.ssd”

My plan, start playing in a sandbox, get an estimate of amount of work / complexity of the
change.  It may require changing how Fortress handles state, to be more inline with what can
be done using persistent search.  Of course the public APIs should not have to change nor
should the behavior with the client (hint requirement).  Let me know if you have any interest
in participation (providing requirements, design, test) in this effort.


View raw message