I was wondering if the caching code (which I suppose I should
look through one of these days) supports negative caching or
if negative caching even makes sense in the context of LDAP.

Interesting idea. I've often wondered about what kind of denial of service
attacks one could launch against an LDAP server. It seems to me that one
could consume quite a few cycles by querying records that aren't there,
especially if you don't have permission according to the ACLs. If I
remember correctly, the LDAP server will first look for the information and
then check against the ACL list to determine if it is allowed.

On a related thought, it seems to me that one could use failed requests as
a way to trigger replication before that record. That is, if the record is
not found, the slave server could query the master server to see if the
master has that record. If so, then the slave would update itself from the
master.

One advantage of this form of replication (replication by use) is that it
makes it much easier for a slave server to be turned on and be brought up
to date without freezing the master and replicating by bulk data copy.
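
The two ideas in this thread combined, as an added sketch that is not code from any LDAP server or from either poster: a replica that pulls an entry from the master on a miss (replication by use) and keeps a bounded, time-limited negative cache so that repeated lookups of a nonexistent record do not each cost a master round trip. The names `Master`, `Replica`, `negative_ttl` and `max_negative` are hypothetical, and plain dictionaries stand in for the directory.

```python
import time

class Master:
    """Stand-in for the master server: the authoritative entry store."""
    def __init__(self, entries):
        self.entries = dict(entries)
        self.lookups = 0                # how often a replica had to ask us

    def fetch(self, dn):
        self.lookups += 1
        return self.entries.get(dn)

class Replica:
    """Stand-in for the slave server: pulls on a miss, remembers misses."""
    def __init__(self, master, negative_ttl=30.0, max_negative=1000,
                 clock=time.monotonic):
        self.master = master
        self.entries = {}               # entries replicated so far
        self.negative = {}              # dn -> time until "not found" is trusted
        self.negative_ttl = negative_ttl
        self.max_negative = max_negative
        self.clock = clock

    def search(self, dn):
        if dn in self.entries:          # already replicated: answer locally
            return self.entries[dn]
        now = self.clock()
        expiry = self.negative.get(dn)
        if expiry is not None and now < expiry:
            return None                 # recent miss: do not bother the master
        self.negative.pop(dn, None)     # drop an expired negative entry, if any
        entry = self.master.fetch(dn)   # replication by use
        if entry is not None:
            self.entries[dn] = entry
            return entry
        if len(self.negative) >= self.max_negative:
            # Bound memory: a flood of distinct bogus DNs must not grow the
            # cache without limit, so evict the oldest remembered miss.
            del self.negative[next(iter(self.negative))]
        self.negative[dn] = now + self.negative_ttl
        return None
```

The cost of the negative cache is staleness: an entry created on the master stays invisible on the replica until the remembered miss expires.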