All - I've created a Knox Improvement Proposal for LDAP Improvements [1].
We need to discuss the various improvement topics that I've captured in there and whether there are any others that need to be added. I would like to scope this work to be able to be delivered as the central theme for the 0.10.0 release with room for a few other fixes and minor improvements. We should try to get this release done in 1 1/2 month timeframe. Those options that would fundamentally address the most pain points would obviously be most important but we need to try and addess all of the most painful ones. :) In other words, I'd like to identify the JIRAs that would redundantly address performance if some other ones will take care of. If the use of PAM with the HadoopGroupMapping provider will eliminate the need to handle so many returned groups in Shiro then we should just deprecate the use of the existing shiro group lookup. I will create a JIRA for any of the topics in the wiki that lack one. Let's discuss this general theme here on the email list and capture specifics in the JIRAs themselves. Once we come to some concensus on this list we can make sure that KIP-1 reflects the decisions made here. Thoughts? --larry [1] https://cwiki.apache.org/confluence/display/KNOX/KIP-1+LDAP+Improvements
