Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suggest setting quarkus.security.ldap.cache.enabled #46688

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Suggest setting quarkus.security.ldap.cache.enabled #46688

wants to merge 1 commit into from
+6 −4

Conversation

t1
Copy link

@t1 t1 commented Mar 10, 2025

As discussed in #46507

@michalvavrik michalvavrik requested a review from sberyozkin March 10, 2025 09:10
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Mar 10, 2025

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit f69b247.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

@github-actions GitHub Actions
Copy link

🎊 PR Preview 60cbe47 has been successfully built and deployed to https://quarkus-pr-main-46688-preview.surge.sh/version/main/guides/

  • Images of blog posts older than 3 months are not available.
  • Newsletters older than 3 months are not available.

sberyozkin
sberyozkin reviewed Mar 10, 2025
View reviewed changes
docs/src/main/asciidoc/security-ldap.adoc
<3> The URL used by our test resource. Tests may leverage `LdapServerTestResource` provided by Quarkus as link:{quickstarts-blob-url}/security-ldap-quickstart/src/test/java/org/acme/elytron/security/ldap/ElytronLdapExtensionTestResources.java[we do] in the test coverage of the example application.
<2> The URL used by our test resource. Tests may leverage `LdapServerTestResource` provided by Quarkus as link:{quickstarts-blob-url}/security-ldap-quickstart/src/test/java/org/acme/elytron/security/ldap/ElytronLdapExtensionTestResources.java[we do] in the test coverage of the example application.
<3> `{0}` is substituted by the `uid`.
<4> Without this configuration, every request to your service will cause an additional roundtrip to the LDAP server. Therefore, it's a common practice to cache these result to improve performance, but the tradeoff is that there will be a delay between changes in the LDAP getting effective in your service. The default cache max-age is `60s`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @t1, this information will be useful.
However, I'd like to propose to turn into a Note, that would inform users that by default, LDAP request is made each time, and you can set this property if you'd like to optimize, etc

The reason I propose it is because with this current text we essentially recommend enabling the cache, in which case it would be reasonable for users to ask, why do we have to configure it ourselves?

The note, with pros and cons, would make it more obvious why users have to make this decision

@sberyozkin
Copy link
Member

@t1 @michalvavrik

By the way, how is this cache managed ?

@michalvavrik
Copy link
Member

@t1 @michalvavrik

By the way, how is this cache managed ?

Elytron does that, not us. On the Quarkus side, the feautre is about creating cache security realm, see 4dc83f9#diff-536222a00f1e17a090ff0327620053fa1db46827f4491350fa42809c80243a67 for details.

@sberyozkin
Copy link
Member

Thanks @michalvavrik, I'm assuming it is memory based by default.
I believe the proposed note should link to Elytron docs for users to know what options are available

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sberyozkin sberyozkin sberyozkin left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@t1 @sberyozkin @michalvavrik