So I'm trying to get CAS to retrieve attributes from LDAP, and ideally cache them to decrease load.
I would exercise caution with this approach. CAS natively employs attribute caching; attributes are only fetched on user authentication, so attributes are naturally cached for the duration of the SSO session. In most cases that's at least once per day which is arguably too long for certain kinds of authorization data. Adding additional caching on top of that sounds like a tradeoff you would make only upon careful analysis with your security folks.
That said, we use Ehcache in a custom attribute resolver to cache attributes during the authentication pipeline. We want to hit the directory exactly once during authentication, but it turns out we needed to perform at least two (possibly three) queries to resolve some data for user attributes as well as audit data. The caching TTL was carefully chosen to have data hang around only long enough to prevent duplicate queries against the directory during the authentication flow.
https://wiki.jasig.org/display/PDM15/Attribute+Caching and trying to figure out how to set the size of the cache and the TTL.
I'm going to go on record and say I hate Person Directory. The only way I figure things out is by reviewing source:
https://github.com/Jasig/person-directory/blob/rel-1.5.0-RC6/person-directory-impl/src/main/java/org/jasig/services/persondir/support/CachingPersonAttributeDaoImpl.java

Good luck.

M
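The short-TTL idea described in the reply above, as an added example that is not part of the original message and does not use the Ehcache or Person Directory APIs: a cache in front of a directory lookup whose entries live only long enough to collapse repeated queries within one authentication flow. The class name, the 5-second TTL, the sample attributes and the injected clock are all assumptions made for illustration (Java 9+ for `Map.of`).

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.function.LongSupplier;

/** Hypothetical short-TTL cache in front of a directory lookup. */
public class ShortTtlAttributeCache {
    private static final class Entry {
        final Map<String, String> attributes;
        final long expiresAtMillis;
        Entry(Map<String, String> attributes, long expiresAtMillis) {
            this.attributes = attributes;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final ConcurrentHashMap<String, Entry> cache = new ConcurrentHashMap<>();
    private final Function<String, Map<String, String>> directoryLookup;
    private final long ttlMillis;
    private final LongSupplier clock; // injectable so expiry can be exercised without sleeping

    public ShortTtlAttributeCache(Function<String, Map<String, String>> directoryLookup,
                                  long ttlMillis, LongSupplier clock) {
        this.directoryLookup = directoryLookup;
        this.ttlMillis = ttlMillis;
        this.clock = clock;
    }

    /** Returns cached attributes while fresh; otherwise queries the directory again. */
    public Map<String, String> attributesFor(String uid) {
        long now = clock.getAsLong();
        // compute() is atomic per key, so concurrent callers share one directory query.
        Entry e = cache.compute(uid, (k, old) ->
            (old != null && now < old.expiresAtMillis)
                ? old
                : new Entry(directoryLookup.apply(k), now + ttlMillis));
        return e.attributes;
    }

    public static void main(String[] args) {
        int[] queries = {0};   // counts simulated directory hits
        long[] now = {0L};     // constructed clock, in milliseconds
        ShortTtlAttributeCache c = new ShortTtlAttributeCache(
            uid -> { queries[0]++; return Map.of("uid", uid, "memberOf", "staff"); },
            5_000L, () -> now[0]);
        c.attributesFor("jdoe"); // e.g. principal resolution
        c.attributesFor("jdoe"); // e.g. attribute release
        c.attributesFor("jdoe"); // e.g. audit data
        System.out.println("directory queries during one login: " + queries[0]);
        now[0] = 6_000L;         // a later login, after the TTL has passed
        c.attributesFor("jdoe");
        System.out.println("directory queries after TTL expiry: " + queries[0]);
    }
}
```

The TTL here bounds how stale authorization data can be inside the resolver; the SSO session lifetime mentioned in the reply is a separate, much longer window that this cache does not change.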
