Changing LDAP search cache variable values

Change the default values of the Lightweight Directory Access Protocol (LDAP) search cache variables.

You can change the values of the following variables:

Table 1. LDAP cache parameters
| Variable | Default value | Description |
| --- | --- | --- |
| LDAP_SEARCH_CACHE_TIMEOUT | 1200 seconds | The maximum time that the contents of the search results cache are available. |
| LDAP_SEARCH_CACHE_ENABLED | true | A Boolean value that indicates whether search results are cached. |
| LDAP_SEARCH_CACHE_SIZE | 2000 | The number of search results that are stored in the cache. |
| LDAP_SEARCH_CACHE_SIZELIMIT | 2000 | The maximum number of results that can be cached for a single LDAP search. |
| LDAP_ATTR_CACHE_SIZE | 2000 | The number of entities that can be stored in the cache. |
| LDAP_ATTR_CACHE_TIMEOUT | 1200 seconds | The maximum time that the contents of the LDAP attribute cache are available. |
| LDAP_ATTR_CACHE_SIZELIMIT | 2000 | The maximum number of attributes per LDAP entity that are cached. |
| LDAP_ATTR_CACHE_ENABLED | true | A Boolean value that indicates whether entities are cached. |

For more information, see LDAP User Registry (ldapRegistry).

Follow these steps to change the variable values:

  1. Edit the platform-auth-idp ConfigMap.

    oc -n <your-foundational-services-namespace> edit configmap platform-auth-idp

    The file content resembles the following code:

    # Please edit the following object. Lines beginning with a '#' will be ignored,
    # and an empty file will abort the edit. If an error occurs while saving this file will be
    # reopened with the relevant failures.
    apiVersion: v1
    data:
      AUDIT_DETAIL: "false"
      LDAP_ATTR_CACHE_SIZE: "2000"
      MASTER_HOST: mycluster.icp
      NODE_ENV: production
    "/tmp/kubectl-edit-i5ta2.yaml" 60L, 2204C
  2. Change the LDAP variable values, as required, and save the ConfigMap.

    After you update and save the changes, you see the following message:

    configmap "platform-auth-idp" edited
  3. Restart the platform-identity-provider pod.

    1. Get the platform-identity-provider pod ID.

      oc -n <your-foundational-services-namespace> get pods | grep platform-identity-provider

      The following is sample output of the command:

      platform-identity-provider-5b78f                        4/4     Running                3          12d
    2. Delete the platform-identity-provider pod.

      oc -n <your-foundational-services-namespace> delete pod platform-identity-provider-5b78f

      After the pod is deleted, you see the following message:

      pod "platform-identity-provider-5b78f" deleted

      Wait for a few minutes for the pod to restart.

    3. Verify the status of the pod.

      oc -n <your-foundational-services-namespace> get pods | grep platform-identity-provider

      The pod gets a new ID after restart.

      platform-identity-provider-5267t               1/4       Running     0          4m
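
The same procedure in non-interactive form, as an added example that is not part of the original documentation: it checks new values against the names and types in Table 1, builds a merge patch, applies it, and deletes the pod so that it restarts. The function names are hypothetical, and applying the change with `oc patch --type merge` instead of `oc edit` is an assumption.

```shell
#!/bin/sh
# Added example, not IBM's code; function names are hypothetical.
# Variable names and value types are taken from Table 1.
INT_KEYS="LDAP_SEARCH_CACHE_TIMEOUT LDAP_SEARCH_CACHE_SIZE LDAP_SEARCH_CACHE_SIZELIMIT \
LDAP_ATTR_CACHE_SIZE LDAP_ATTR_CACHE_TIMEOUT LDAP_ATTR_CACHE_SIZELIMIT"
BOOL_KEYS="LDAP_SEARCH_CACHE_ENABLED LDAP_ATTR_CACHE_ENABLED"

# in_list "SPACE SEPARATED LIST" WORD: whole-word membership test.
in_list() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# build_ldap_cache_patch KEY=VALUE...
# Prints a JSON merge patch; returns 1 on the first invalid pair.
build_ldap_cache_patch() {
  local pair key val body=""
  for pair in "$@"; do
    key=${pair%%=*} val=${pair#*=}
    # Only A-Z and underscore, so a name can never span two list entries.
    case $key in ''|*[!A-Z_]*) echo "bad variable name: '$key'" >&2; return 1 ;; esac
    if in_list "$INT_KEYS" "$key"; then
      case $val in ''|*[!0-9]*) echo "$key: expected an integer, got '$val'" >&2; return 1 ;; esac
    elif in_list "$BOOL_KEYS" "$key"; then
      case $val in true|false) ;; *) echo "$key: expected true or false, got '$val'" >&2; return 1 ;; esac
    else
      echo "$key: not an LDAP cache variable from Table 1" >&2; return 1
    fi
    # ConfigMap data values are strings, so numbers and Booleans are quoted.
    body="${body:+$body,}\"$key\":\"$val\""
  done
  [ -n "$body" ] || { echo "no settings given" >&2; return 1; }
  printf '{"data":{%s}}\n' "$body"
}

# apply_ldap_cache_patch NAMESPACE KEY=VALUE...
# Nothing is sent to the cluster unless every pair passes validation.
apply_ldap_cache_patch() {
  local ns patch
  [ $# -ge 2 ] || { echo "usage: apply_ldap_cache_patch NAMESPACE KEY=VALUE..." >&2; return 1; }
  ns=$1; shift
  patch=$(build_ldap_cache_patch "$@") || return 1
  oc -n "$ns" patch configmap platform-auth-idp --type merge -p "$patch" || return 1
  # Delete the pod so that it restarts with the new values (step 3).
  oc -n "$ns" get pods -o name | grep platform-identity-provider |
    while read -r pod; do oc -n "$ns" delete "$pod"; done
}
```

For example, `apply_ldap_cache_patch <your-foundational-services-namespace> LDAP_SEARCH_CACHE_TIMEOUT=300 LDAP_ATTR_CACHE_TIMEOUT=300` changes both timeouts in one update; the pod status is then verified as in the last step above.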