When LDAP lookups for a user RDNs are performed, these results are (optionally) cached in the UserDN cache. However, currently, only successful results are cached. When a lookup fails (if the user doesn't exist), nothing is cached.

To prevent costly lookups for non-existing users, this negative outcome should also be cached. This can dramatically improve performance in systems that have references to non-existing (deleted?) users.