MultiDirectoryLab · rimu-stack · Jan 23, 2026 · Jan 16, 2026 · Jan 20, 2026 · Jan 20, 2026
diff --git a/app/alembic/versions/16a9fa2c1f1e_rename_readonly_group.py b/app/alembic/versions/16a9fa2c1f1e_rename_readonly_group.py
@@ -43,7 +43,6 @@ def upgrade(container: AsyncContainer) -> None:  # noqa: ARG001
             return
 
         ro_dir.name = READ_ONLY_GROUP_NAME
-
         ro_dir.create_path(ro_dir.parent, ro_dir.get_dn_prefix())
 
         session.execute(
@@ -91,7 +90,6 @@ def downgrade(container: AsyncContainer) -> None:  # noqa: ARG001
             return
 
         ro_dir.name = "readonly domain controllers"
-
         ro_dir.create_path(ro_dir.parent, ro_dir.get_dn_prefix())
 
         session.execute(

diff --git a/app/alembic/versions/71e642808369_add_directory_is_system.py b/app/alembic/versions/71e642808369_add_directory_is_system.py
@@ -56,8 +56,13 @@ async def _indicate_system_directories(
         if not base_dn_list:
             return
 
-        for base_dn in base_dn_list:
-            base_dn.is_system = True
+        await session.execute(
+            update(Directory)
+            .where(
+                qa(Directory.parent_id).is_(None),
+            )
+            .values(is_system=True),
+        )
 
         await session.flush()
 

diff --git a/app/ldap_protocol/auth/setup_gateway.py b/app/ldap_protocol/auth/setup_gateway.py
@@ -16,6 +16,7 @@
     AttributeValueValidator,
 )
 from ldap_protocol.ldap_schema.entity_type_dao import EntityTypeDAO
+from ldap_protocol.utils.async_cache import base_directories_cache
 from ldap_protocol.utils.helpers import create_object_sid, generate_domain_sid
 from ldap_protocol.utils.queries import get_domain_object_class
 from password_utils import PasswordUtils
@@ -113,6 +114,7 @@ async def setup_enviroment(
                     domain=domain,
                     parent=domain,
                 )
+            base_directories_cache.clear()
 
         except Exception:
             import traceback
@@ -132,13 +134,13 @@ async def create_dir(
             is_system=is_system,
             object_class=data["object_class"],
             name=data["name"],
-            parent=parent,
         )
         dir_.groups = []
         dir_.create_path(parent, dir_.get_dn_prefix())
 
         self._session.add(dir_)
         await self._session.flush()
+        dir_.parent_id = parent.id if parent else None
         await self._session.refresh(dir_, ["id"])
 
         self._session.add(

diff --git a/app/ldap_protocol/utils/async_cache.py b/app/ldap_protocol/utils/async_cache.py
@@ -0,0 +1,43 @@
+"""Async cache implementation."""
+
+import time
+from functools import wraps
+from typing import Callable, Generic, TypeVar
+
+from entities import Directory
+
+T = TypeVar("T")
+DEFAULT_CACHE_TIME = 5 * 60  # 5 minutes
+
+
+class AsyncTTLCache(Generic[T]):
+    def __init__(self, ttl: int | None = DEFAULT_CACHE_TIME) -> None:
+        self._ttl = ttl
+        self._value: T | None = None
+        self._expires_at: float | None = None
+
+    def clear(self) -> None:
+        self._value = None
+        self._expires_at = None
+
+    def __call__(self, func: Callable) -> Callable:
+        @wraps(func)
+        async def wrapper(*args: tuple, **kwargs: dict) -> T:
+            if self._value is not None:
+                if not self._expires_at or self._expires_at > time.monotonic():
+                    return self._value
+                self.clear()
+
+            result = await func(*args, **kwargs)
+
+            self._value = result
+            self._expires_at = (
+                time.monotonic() + self._ttl if self._ttl else None
+            )
+
+            return result
+
+        return wrapper
+
+
+base_directories_cache = AsyncTTLCache[list[Directory]]()
diff --git a/app/ldap_protocol/utils/queries.py b/app/ldap_protocol/utils/queries.py
@@ -5,6 +5,7 @@
 """
 
 import time
+from copy import copy
 from datetime import datetime
 from typing import Iterator
 from zoneinfo import ZoneInfo
@@ -25,6 +26,7 @@
     queryable_attr as qa,
 )
 
+from .async_cache import base_directories_cache
 from .const import EMAIL_RE, GRANT_DN_STRING
 from .helpers import (
     create_integer_hash,
@@ -35,13 +37,19 @@
 )
 
 
+@base_directories_cache
 async def get_base_directories(session: AsyncSession) -> list[Directory]:
     """Get base domain directories."""
     result = await session.execute(
         select(Directory)
         .filter(qa(Directory.parent_id).is_(None)),
     )  # fmt: skip
-    return list(result.scalars().all())
+    res = []
+    for dir_ in result.scalars():
+        new_dir = copy(dir_)
+        session.expunge(new_dir)
+        res.append(new_dir)
+    return res
 
 
 async def get_user(session: AsyncSession, name: str) -> User | None:
@@ -362,7 +370,7 @@ async def create_group(
     dir_ = Directory(
         object_class="",
         name=name,
-        parent=parent,
+        parent_id=parent.id,
     )
     session.add(dir_)
     await session.flush()

diff --git a/interface b/interface