By default, the server caches user and group authentication results in the ACL user cache. You can control how long entries in the ACL user cache remain valid by using the ACLCacheLifetime directive in the magnus.conf file. Each time an entry in the cache is referenced, its age is calculated and checked against ACLCacheLifetime. The entry is not used if its age is greater than or equal to the ACLCacheLifetime. The default value is 120 seconds. Setting the value to 0 (zero) turns the cache off. If you use a large number for this value, you may need to restart the server every time you make changes to the LDAP entries. For example, if this value is set to 120 seconds, the server might be out of sync with the LDAP directory for as long as two minutes. Only set a large value if your LDAP directory is not likely to change often.
Using the ACLUserCacheSize parameter in magnus.conf, you can configure the maximum number of entries that can be held in the cache. The default value for this parameter is 200. New entries are added to the head of the list, and entries at the end of this list are recycled to make new entries when the cache reaches its maximum size.
You can also set the maximum number of group memberships that can be cached per user entry by using the ACLGroupCacheSize parameter in magnus.conf. The default value for this parameter is 4. Unfortunately, non-membership of a user in a group is not cached, and results in several LDAP directory accesses on every request.
For more information on ACL file directives, see the NSAPI Developer’s Guide.
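The following Python sketch is an added example, not server code. It models the cache rules described above (an entry is unusable once its age is greater than or equal to ACLCacheLifetime, new entries go to the head and the tail is recycled, only positive group membership is cached) to show how long a revoked group membership can still be honored. The class and method names, the in-memory dict standing in for LDAP, the counting of one lookup per uncached check, and the eviction of the oldest cached group are assumptions.

```python
from collections import OrderedDict

class AclUserCache:
    """Toy model of the ACL user cache rules described above (not server code)."""

    def __init__(self, directory, lifetime=120, user_cache_size=200, group_cache_size=4):
        self.directory = directory            # dict user -> set(groups); stands in for LDAP
        self.lifetime = lifetime              # ACLCacheLifetime, seconds (0 = cache off)
        self.user_cache_size = user_cache_size    # ACLUserCacheSize
        self.group_cache_size = group_cache_size  # ACLGroupCacheSize
        self.entries = OrderedDict()          # user -> (created_at, [groups]); first = head
        self.ldap_lookups = 0                 # simplification: one lookup per uncached check

    def _entry(self, user, now):
        entry = self.entries.get(user)
        # An entry is not used once its age is >= the lifetime.
        if entry is not None and now - entry[0] >= self.lifetime:
            del self.entries[user]
            entry = None
        if entry is None:
            if len(self.entries) >= self.user_cache_size:
                self.entries.popitem(last=True)          # recycle the tail entry
            entry = self.entries[user] = (now, [])
            self.entries.move_to_end(user, last=False)   # new entries go to the head
        return entry

    def is_member(self, user, group, now):
        _, groups = self._entry(user, now)
        if group in groups:
            return True                                  # answered from cache, LDAP not asked
        self.ldap_lookups += 1
        member = group in self.directory.get(user, set())
        if member and self.lifetime > 0:                 # only positive results are cached
            if len(groups) >= self.group_cache_size:
                groups.pop()                             # assumption: drop oldest cached group
            groups.insert(0, group)
        return member

def demo():
    ldap = {"alice": {"admins"}}                         # constructed sample directory
    cache = AclUserCache(ldap, lifetime=120)
    results = [cache.is_member("alice", "admins", now=0)]        # looked up, then cached
    ldap["alice"].discard("admins")                              # membership revoked in LDAP
    results.append(cache.is_member("alice", "admins", now=119))  # stale: still granted
    results.append(cache.is_member("alice", "admins", now=120))  # expired: re-checked
    before = cache.ldap_lookups
    for t in (121, 122, 123):
        cache.is_member("alice", "admins", now=t)                # non-membership never cached
    return results, cache.ldap_lookups - before
```

Calling demo() returns ([True, True, False], 3): the revoked membership is still granted at 119 seconds, rejected at 120 seconds, and each later check for the missing membership goes back to the directory.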
To set ACL cache properties through the CLI, execute the following command.
wadm> set-acl-cache-prop --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 property=value
See CLI Reference, set-acl-cache-prop(1).
The valid properties you can set are:
enabled — Indicates whether the server caches the file content and meta information. The default value is true.
max-age — The maximum amount of time (in seconds) to cache the file content and meta information. The range of values is 0.001 to 3600.
max-groups-per-user — The maximum number of groups per user for which the server will cache the membership information. The range of values is 1 to 1024.
max-age — The maximum amount of time (in seconds) to cache the authentication information. The range of values is 0.001 to 3600.