LDAP UserDN cache should contain negative results
When LDAP lookups for a user RDNs are performed, these results are (optionally) cached in the UserDN cache. However, currently, only successful results are cached. When a lookup fails (if the user doesn't exist), nothing is cached.
To prevent costly lookups for non-existing users, this negative outcome should also be cached. This can dramatically improve performance in systems that have references to non-existing (deleted?) users.