Every request to ArcGIS Server for a secured map service results in a query to LDAP. This is causing millions of lookup queries to go to our LDAP and periodically crashing it.
We have several web and mobile applications that all use 3 different tokens, and this accounts for about 90% of our map service traffic. Very few requests come in from individual user accounts. ArcGIS Server reads the token, figures out which user it is for, and sends a query to LDAP to see what roles the user has. It is asking LDAP the same question for the same user multiple times per second.
Suggestion: Make a setting for how long to store LDAP lookups in a cache and perhaps another setting for how many LDAP queries to hold in the cache.
We add and remove users from time to time, so a cache solution shouldn't require us to restart ArcGIS Server. We rarely change the roles a user has, so that could be cached for a longer time. If I could make ArcGIS Server cache the role lookup for even just 10 minutes, I estimate that would eliminate the need for 99.92% (I did the math) of our LDAP lookups.
I was told by tech support (incident 122519) that this may be possible in a web tier auth, but he also said this was something we'd have to figure out on our own and is not supported.
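The cache suggested above, with one setting for entry lifetime and one for entry count, sketched as an added example. This is not Esri code or an ArcGIS Server setting; `RoleCache`, `lookup`, the token account names and the simulated workload are assumptions constructed for illustration.

```python
from collections import OrderedDict

class RoleCache:
    """TTL- and size-bounded cache in front of a role lookup (e.g. an LDAP query)."""

    def __init__(self, lookup, ttl_seconds, max_entries, clock):
        self.lookup = lookup            # hypothetical callable: username -> roles
        self.ttl = ttl_seconds
        self.max_entries = max_entries
        self.clock = clock              # injectable, so the simulation needs no sleep
        self.entries = OrderedDict()    # username -> (expires_at, roles)
        self.backend_queries = 0

    def roles_for(self, user):
        now = self.clock()
        hit = self.entries.get(user)
        if hit is not None and hit[0] > now:
            self.entries.move_to_end(user)    # mark as recently used
            return hit[1]
        # Miss or expired: ask the directory once, then remember the answer.
        self.backend_queries += 1
        roles = frozenset(self.lookup(user))  # a removed user raises and is not cached
        self.entries[user] = (now + self.ttl, roles)
        self.entries.move_to_end(user)
        while len(self.entries) > self.max_entries:
            self.entries.popitem(last=False)  # evict the least recently used entry
        return roles

    def invalidate(self, user):
        """Drop one user immediately, e.g. right after a role is revoked."""
        self.entries.pop(user, None)

def simulate(ttl_seconds=600, duration_seconds=3600, requests_per_second=2):
    """Constructed workload: 3 token accounts, each hit N times per second."""
    directory = {"app_token_a": {"viewer"}, "app_token_b": {"viewer"},
                 "app_token_c": {"viewer", "editor"}}
    now = [0.0]
    cache = RoleCache(directory.__getitem__, ttl_seconds, 100, lambda: now[0])
    total = 0
    for i in range(duration_seconds * requests_per_second):
        now[0] = i / requests_per_second
        for user in directory:
            cache.roles_for(user)
            total += 1
    return total, cache.backend_queries   # (requests served, directory queries)
```

With a cache like this, a role change or account removal in the directory is not seen until the entry expires, so the lifetime setting is also the longest time a revoked role stays effective unless `invalidate` is called.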