RE: Proxy cache extension for OpenLDAP
At 03:08 AM 2002-09-06, Howard Chu wrote:
>> From: Apurva Kumar [mailto:firstname.lastname@example.org]
>> LDAP proxy cache docs in HTML.
>Thanks. It's a fascinating idea. The effect of ACLs on cached results isn't
>considered though; I guess you assume that all clients of the proxy will have
>equal privileges on the remote server. (That's a fair enough assumption for
>many scenarios, it just needs to be stated.)
You should be able to apply per-user ACLs on information
held in the cache, but use another identity in obtaining
information for the cache.
That is, caching aside, back-ldap should be able to obtain
information using a common identity but return it only if
it matches per-user ACLs.
>You can implement your cache_backend APIs without directly modifying
Apurva and discussed the need to support back-bdb as the cache
store. Your suggestion seems like a reasonable approach for
not only providing back-bdb support, but allowing any backend
to serve as the cache store.
>Also, there should be some kind of cache aging parameter to eliminate stale
>data from the cache.
Likely some sort of default TTL augmented by entry TTLs would
cover this well enough.
>It's a very good effort. I think the query containment and query template
>approach makes sense. Hopefully some more folks will examine this patch and
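
The two points raised in the reply above (fill the cache under one common identity but apply per-user ACLs when returning data, and age entries with a default TTL plus per-entry TTLs) can be sketched as follows. This is an added example, not code from the patch or from OpenLDAP; `AclFilteringCache`, the `fetch` and `acl` callables, and the rule that an entry TTL overrides the default are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

DEFAULT_TTL = 300  # seconds; assumed value, not taken from the thread

@dataclass
class CachedEntry:
    attrs: dict
    expires: float

class AclFilteringCache:
    """Cache filled under one service identity; ACLs checked per requester on read."""

    def __init__(self, fetch, acl, default_ttl=DEFAULT_TTL, clock=time.monotonic):
        self.fetch = fetch  # fetch(dn) -> (attrs, entry_ttl or None), run as the common identity
        self.acl = acl      # acl(user, dn, attr) -> bool, the per-user read check
        self.default_ttl = default_ttl
        self.clock = clock
        self.store = {}

    def _load(self, dn):
        entry = self.store.get(dn)
        if entry is not None and entry.expires > self.clock():
            return entry
        self.store.pop(dn, None)  # stale or missing: drop, then refetch
        result = self.fetch(dn)
        if result is None:
            return None
        attrs, entry_ttl = result
        # Assumption: an entry-supplied TTL replaces the default TTL.
        ttl = self.default_ttl if entry_ttl is None else entry_ttl
        entry = CachedEntry(dict(attrs), self.clock() + ttl)
        self.store[dn] = entry
        return entry

    def read(self, user, dn):
        entry = self._load(dn)
        if entry is None:
            return None
        # The ACL decision is made on every read and never stored with the
        # entry, so a result cached for one user is not replayed to another.
        visible = {a: v for a, v in entry.attrs.items() if self.acl(user, dn, a)}
        return visible or None  # nothing readable looks the same as no entry
```

The cache key is the entry, not the (user, query) pair, which is what lets one fetch serve requesters with different privileges without leaking attributes between them.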