The current LDAP cache implemented for httpd's mod_ldap only does exact matches based on LDAP URL and filter expression. An intelligent caching mechanism would respect basedn and scope of a given LDAP search. Essentially we need the caching to implement the behavior of an RFC-compliant "mini-LDAP server." Please enhance APR-Util's LDAP implementation to the extent necessary to support "scope-aware" caching, specifically:

1) The current implementation works for exact matches of both search expression and basedn; this is equivalent to "basedn scoped" searches.
2) Onelevel cache searches would include case 1 and also any cache entries with no more than one additional DN entry.
3) Subtree-scoped cache searches would include case 1, case 2, and any deeper matches.

I will write a companion bug against httpd's mod_ldap and update this as a blocker.
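The three cases in the report above, as an added example that is not part of the original report and is not APR-Util or mod_ldap code: a DN scope check a cache lookup could apply before reusing an entry. The names `cache_scope` and `dn_in_scope` are hypothetical, and the code assumes both DNs are already normalized and that the base DN is non-empty.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names; not APR-Util or mod_ldap identifiers. */
enum cache_scope { SCOPE_BASE, SCOPE_ONELEVEL, SCOPE_SUBTREE };

/* Count RDN separators in the first n bytes of dn, skipping any
 * character escaped with a backslash (e.g. "cn=Doe\, Jane"). */
static int rdn_separators(const char *dn, size_t n)
{
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (dn[i] == '\\' && i + 1 < n)
            i++;                        /* skip the escaped character */
        else if (dn[i] == ',')
            count++;
    }
    return count;
}

/* Return 1 if a cached entry's DN falls inside a search rooted at base
 * with the given scope, else 0. Assumptions: DNs are normalized, base is
 * non-empty, and case-insensitive comparison is acceptable (attribute
 * values with case-sensitive matching rules need schema-aware compare). */
int dn_in_scope(const char *entry, const char *base, enum cache_scope scope)
{
    size_t elen = strlen(entry), blen = strlen(base);

    if (elen < blen || strcasecmp(entry + elen - blen, base) != 0)
        return 0;                       /* base is not a suffix of entry */
    if (elen == blen)
        return 1;                       /* case 1: exact basedn match */
    if (scope == SCOPE_BASE)
        return 0;

    /* The suffix must begin at an unescaped RDN separator; otherwise
     * "cn=a\,dc=example,dc=com" would look like a child of the base. */
    size_t prefix = elen - blen, bs = 0;
    if (entry[prefix - 1] != ',')
        return 0;
    while (bs + 1 < prefix && entry[prefix - 2 - bs] == '\\')
        bs++;
    if (bs % 2)
        return 0;                       /* odd backslashes: comma is escaped */

    /* case 2: exactly one extra RDN; case 3: any number of extra RDNs */
    return scope == SCOPE_SUBTREE || rdn_separators(entry, prefix) == 1;
}
```

A cache that answers from a wider scope than the original search requested can return entries the directory itself would not have returned, so the boundary and escape checks matter as much as the depth count.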
It's unlikely that an LDAP cache would be moved into APR and enhanced. There are currently discussions to even move the portability aspects of LDAP into httpd.
Makes sense...rather than build a "dependency tree," I'll clone this into httpd, proper.
(In reply to comment #1)
> It's unlikely that an LDAP cache would be moved into APR and enhanced. There
> are currently discussions to even move the portability aspects of LDAP into
> httpd.

FYI, the httpd copy of this bug is at https://issues.apache.org/bugzilla/show_bug.cgi?id=49199 . Have the discussions about moving LDAP portability into httpd reached a conclusion?