There are several known issues with the LDAPCache code.
1) The cache is not cleared when the LDAPLoginModule configuration is changed, leaving stale data in the cache.
2) No way to disable the cache. Setting the cache time to live to zero has no effect. (I may just be setting the time to live incorrectly).
3) The cache does not listen to change events from the LDAP server. This leaves stale entries in the cache when the ldap server is updated. The SimpleCachedLDAPAuthorizationMap used in active-mq registers these listeners.