[cas-dev] Extended Attributes Architecture for 3.1

[Velpi]

> What this does mean though is that the data source is hit twice, once  
> to verify the user, and one to actually retrieve the attributes.  
> While there may be some cases where this needs to be two steps, there  
> are also lots of cases where it can all be done in one command. In  
> those cases, I think that there shouldn't be a need to hit the  
> backend data source twice, especially some sql table that is not  
> designed for the same type of load that something like LDAP is.
> 
> Thoughts?

For SQL this makes sense: why hit the same SQL twice (probably even the 
same table, or most likely the same DB)?
For LDAP however there is always a phase where a bind is done as if it 
were the user itself that's connecting to the directory. In this case it 
would be nice to have both a persistent and a "switching" connection.

I'm thinking whether connection pooling should catch most of the 
overhead of hitting the backend twice. I'm not sure how else it is 
possible to both allow re-use and make sure it is possible to use 
another backend.

-- Velpi