Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Configuring the ACL User Cache

By default, Proxy Server caches user and group authentication results in the ACL user cache. You can control how long entries in the ACL user cache remain valid by using the ACLCacheLifetime directive in the magnus.conf file. Each time an entry in the cache is referenced, its age is calculated and checked against ACLCacheLifetime. The entry is not used if its age is greater than or equal to ACLCacheLifetime. The default value is 120 seconds. Setting the value to 0 (zero) turns the cache off. If you use a large number for this value, you might need to restart Proxy Server every time you make changes to the LDAP entries. For example, if this value is set to 120 seconds, Proxy Server might be out of sync with the LDAP directory for as long as two minutes. Only set a large value if your LDAP directory is not likely to change often.

Using the magnus.conf parameter ACLUserCacheSize, you can configure the maximum number of entries that can be held in the cache. The default value for this parameter is 200. New entries are added to the head of the list, and entries at the end of this list are recycled to make new entries when the cache reaches its maximum size.

You can also set the maximum number of group memberships that can be cached per user entry using the magnus.conf parameter ACLGroupCacheSize. The default value for this parameter is 4. Non-membership of a user in a group is not cached, which results in several LDAP directory accesses on every request.
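
The following Python model is an added example, not Proxy Server code. It simulates the rules described above to show how long a revoked group membership keeps being honored and why negative checks always reach the directory. The class names, the integer timestamps, the rule that cached memberships expire with their user entry, and the drop-oldest policy for the group list are assumptions made for illustration.

```python
from collections import OrderedDict

class FakeDirectory:
    """Constructed stand-in for the LDAP directory; counts lookups."""
    def __init__(self, groups):
        self.groups, self.lookups = groups, 0   # groups: user -> set of names
    def is_member(self, user, group):
        self.lookups += 1
        return group in self.groups.get(user, set())

class AclUserCache:
    def __init__(self, directory, lifetime=120, user_size=200, group_size=4):
        self.dir, self.lifetime = directory, lifetime
        self.user_size, self.group_size = user_size, group_size
        self.entries = OrderedDict()   # user -> (created_at, [groups]), oldest first
    def _entry(self, user, now):
        hit = self.entries.get(user)
        # An entry is not used once its age >= ACLCacheLifetime; 0 disables caching.
        if hit is not None and now - hit[0] < self.lifetime:
            return hit
        self.entries.pop(user, None)
        if self.lifetime == 0:
            return (now, [])
        if len(self.entries) >= self.user_size:
            self.entries.popitem(last=False)   # recycle the entry at the tail
        self.entries[user] = (now, [])
        return self.entries[user]
    def is_member(self, user, group, now):
        _, cached = self._entry(user, now)
        if group in cached:
            return True                        # answered without asking the directory
        result = self.dir.is_member(user, group)
        if result:                             # non-membership is never cached
            cached.append(group)
            # Assumption: when over ACLGroupCacheSize, drop the oldest membership.
            del cached[:max(0, len(cached) - self.group_size)]
        return result

def demo():
    d = FakeDirectory({"alice": {"admins"}})
    c = AclUserCache(d)
    c.is_member("alice", "admins", now=0)      # cached at t=0
    d.groups["alice"].discard("admins")        # membership revoked in the directory
    stale = c.is_member("alice", "admins", now=119)   # still served from cache
    fresh = c.is_member("alice", "admins", now=120)   # age == lifetime, re-queried
    before = d.lookups
    for t in (121, 122, 123):
        c.is_member("alice", "admins", now=t)  # each negative check hits the directory
    return stale, fresh, d.lookups - before

print(demo())  # (True, False, 3)
```

In this model a revocation takes effect only when the cached entry reaches ACLCacheLifetime, so the lifetime is the upper bound on how long removed access stays usable.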