|
When configuring LDAP authentication via saslauthd, the local saslauthd daemon can be configured to cache credentials in memory (default 8 hours).
When using native LDAP authentication (which uses libldap) there is currently no caching of authentication. This means that every new connection with $external authentication for LDAP requires a roundtrip to the LDAP server. If an application is not pooling connections correctly, this can create considerable load on the LDAP server.
Let's add a configuration parameter to configure the duration for caching user/passwords for native LDAP.
Note that the parameter ldapUserCacheInvalidationInterval controls caching for LDAP authorization (i.e. group membership) and not password authentication.
|