-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
Using the ObjectChangeListener API from JNDI, on supported LDAP servers and Active Directory (the MS version definitely supports this at least), user and group objects that get modified should be used to either update the internal UserDetails/GroupDetails caches or to know which cache keys to evict if updating the cache from the event is too complicated. This will help balance the needs of caching performance with more accurate data.
I'll note the changes introduced in
JENKINS-55813help alleviate some of the account data going out of date, though this can still be improved with a sort of localized cache of LDAP/AD as relevant events are sent.