[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question about (negative) caching



At 02:15 PM 6/7/1999 -0700, you wrote:
I was wondering if the caching code (which I suppose I should
look through one of these days) supports negative caching or
if negative caching even makes sense in the context of LDAP.

interesting idea. I've often wondered about what kind of denial of service attacks one could launch against an LDAP server. It seems to me that one could consume quite a few cycles by querying records that aren't there especially if you don't have permission according to the ACLs. If I remember correctly, the LDAP server will first look for the information and then check against the ACL list to determine if it is allowed.


On a related thought, it seems to me that one could use failed requests as a way to trigger replication before that record. That is, if the record is not found, the slave server could query the master server to see if the master has that record. If so, then the slave would update itself from the master.

one advantage of this form of replication (replication by use) is that it makes it much easier for a slave server to be turned on and be brought up to date without freezing the master and replicating by bulk data copy.

--- eric