On 19/03/2019 13:42, Shawn McKinney wrote:
> This idea has been kicked around before; we discussed it on the dev list several months ago:
>
> http://mail-archives.apache.org/mod_mbox/directory-dev/201811.mbox/%[email protected]%3e
>
> The biggest problem with caching is that it creates consistency problems between highly-available and/or load-balanced nodes. In today's computing environment (everything's running in a container/cluster) it's an untenable situation.
>
> This is a proposal to replace fortress usage of ehcache with the LDAP persistent search control. Specifically these cached datasets would be targeted:
>
> a. cache name="fortress.policies"
> b. cache name="fortress.ous"
> c. cache name="fortress.roles"
> d. cache name="fortress.admin.roles"
> e. cache name="fortress.pso"
> f. cache name="fortress.uso"
> g. cache name="fortress.dsd"
> h. cache name="fortress.ssd"
>
> My plan: start playing in a sandbox, get an estimate of the amount of work / complexity of the change. It may require changing how Fortress handles state, to be more in line with what can be done using persistent search. Of course the public APIs should not have to change nor should the behavior with the client (hint requirement).
>
> Let me know if you have any interest in participation (providing requirements, design, test) in this effort.

I can give you a hand with that. The only aspect that needs to be checked is the fact that persistent search is not necessarily implemented the same way on all the LDAP servers, but AFAICT, for OpenLDAP and ApacheDS, it should be just fine.
And, yes, that is definitely a better solution than managing a local cache with all the complexity of having it consistent across various machines.
It should also be simple to implement, and fast enough for your needs.
