Cache Settings for LDAP user storage provider

Okay, now I’m seeing a little bit clearer. There are obviously some functions in the authentication flow that will use the local cache, while others go directly to the LDAP provider.

As the documentation states, the password will always be checked against LDAP. As I found out, fetching whole UserModel objects (session.users().getUsersStream(...)) or checking for attributes (session.users().searchForUserByUserAttributeStream(...)) will also query LDAP and not the local storage. User names and e-mail will be taken from the cache, but will raise an exception if the user is not in the cache and the connection to Active Directory is offline.

Since I am looking for users by name, e-mail or attributes, I’m now doing this:

  1. Query by name
  2. Query by e-mail
  3. Query by attribute

Each of these steps is enclosed by try {...} catch, so that an exception caused by the AD not being available will pass silently. Note that in step 3 I’m using the userLocalStorage in order to bypass LDAP and query the attributes stored in the local database.

Maybe this will keep someone else’s hair from turning as grey as mine…

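The three-step lookup described in the post, sketched as an added example (not the poster's code). The class, method and parameter names are hypothetical, and it assumes a Keycloak release that provides UserStoragePrivateUtil; older releases expose the same local provider as session.userLocalStorage(). Unlike the post, it logs each failed step instead of letting it pass silently, and it rejects an attribute value that matches more than one local user.

```java
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.UserStoragePrivateUtil;

// Hypothetical helper: names are illustrative, not from the post.
public final class OfflineTolerantUserLookup {
    private static final Logger LOG = Logger.getLogger(OfflineTolerantUserLookup.class);

    private OfflineTolerantUserLookup() { }

    // Steps 1 and 2 go through session.users() and may throw while AD is down;
    // step 3 reads only the local database, so it still works offline.
    public static Optional<UserModel> find(KeycloakSession session, RealmModel realm,
                                           String login, String attrName) {
        return attempt("username", () -> session.users().getUserByUsername(realm, login))
            .or(() -> attempt("e-mail", () -> session.users().getUserByEmail(realm, login)))
            .or(() -> attempt("attribute", () -> uniqueLocalMatch(session, realm, attrName, login)));
    }

    // An attribute value is not guaranteed to be unique: accept exactly one match.
    private static UserModel uniqueLocalMatch(KeycloakSession session, RealmModel realm,
                                              String attrName, String value) {
        List<UserModel> hits = UserStoragePrivateUtil.userLocalStorage(session)
            .searchForUserByUserAttributeStream(realm, attrName, value)
            .limit(2)
            .collect(Collectors.toList());
        if (hits.size() > 1) {
            LOG.warnf("Attribute %s matches more than one local user, ignoring", attrName);
        }
        return hits.size() == 1 ? hits.get(0) : null;
    }

    // Runs one step; a provider failure is logged and treated as "not found".
    private static Optional<UserModel> attempt(String step, Supplier<UserModel> lookup) {
        try {
            return Optional.ofNullable(lookup.get());
        } catch (RuntimeException e) {
            LOG.warnf("User lookup by %s failed, trying next step: %s", step, e.getMessage());
            return Optional.empty();
        }
    }
}
```

The attribute step returns whatever was last stored locally, so the result can lag behind Active Directory; as the post notes, the password itself is still checked against LDAP.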