directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yudhi Karunia Surtan <brainmaster...@gmail.com>
Subject Re: Replacing Caching with LDAP Persistent Searches
Date Tue, 19 Mar 2019 13:45:34 GMT
Hi Shawn,

Is that possible that by design we put the optional cache interface at
fortress so later people can choose their own cache implementations? Well
ya, by default it will use LDAP if they not implement their own class
implementation.

I think caching is very important when you have a lot user using it.

On Tue, Mar 19, 2019, 20:26 Emmanuel Lécharny <elecharny@gmail.com> wrote:

>
> On 19/03/2019 13:42, Shawn McKinney wrote:
> > This idea has been kicked around before, we discussed on the dev list a
> several months ago:
> >
> http://mail-archives.apache.org/mod_mbox/directory-dev/201811.mbox/%3cB5AFAF88-F17C-4D41-9992-E3C53C9FD008@apache.org%3e
> >
> > The biggest problem with caching is creates consistency problems between
> highly-available and/or load-balanced nodes.  In today’s computing
> environment (everything’s running in a container/cluster) it’s an untenable
> situation.
> >
> > This is a proposal to replace fortress usage of ehchache with the LDAP
> persistent search control.
> >
> > Specifically these cached datasets would be targeted:
> >
> >   a. cache name="fortress.policies”
> >   b. cache name="fortress.ous”
> >   c. cache name="fortress.roles”
> >   d. cache name="fortress.admin.roles”
> >   e. cache name="fortress.pso”
> >   f. cache name="fortress.uso”
> >   g. cache name="fortress.dsd”
> >   h. cache name=“fortress.ssd”
> >
> > My plan, start playing in a sandbox, get an estimate of amount of work /
> complexity of the change.  It may require changing how Fortress handles
> state, to be more inline with what can be done using persistent search.  Of
> course the public APIs should not have to change nor should the behavior
> with the client (hint requirement).  Let me know if you have any interest
> in participation (providing requirements, design, test) in this effort.
>
>
> I can give you and hand with that. The only aspect that needs to be
> checked is the fact that persistent search is not necessarily
> implemented the same way on all the LDAP servers, but AFAICT, for
> OpenLDAP and ApacheDS, it should be just fine.
>
>
> And, yes, that is definitively a better solution than managing a local
> cache with all the complexity of having it consistent across various
> machines.
>
>
> It should also be simple to implement, and fast enough for your needs.
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message