Changing LDAP cache settings
You can change the Lightweight Directory Access Protocol (LDAP) cache settings that are used for authentication in your product.
The LDAP cache setting parameters are listed in the following tables. For more information, see LDAP User Registry (ldapRegistry).
Note: Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. This note is applicable only to the LDAP_ATTR_CACHE_TIMEOUT and LDAP_SEARCH_CACHE_TIMEOUT parameters.
Parameter | Description | Default value |
---|---|---|
LDAP_ATTR_CACHE_ENABLED | Enable or disable LDAP attribute cache. | true |
LDAP_ATTR_CACHE_SIZE | Number of entities that can be stored in the cache. | 2000 |
LDAP_ATTR_CACHE_SIZELIMIT | Maximum number of attributes per LDAP entity that are cached. | 2000 |
LDAP_ATTR_CACHE_TIMEOUT | Maximum time that the contents of the LDAP attribute cache are available. When the specified time elapses, the LDAP attribute cache is cleared. | 1200s |

Parameter | Description | Default value |
---|---|---|
LDAP_SEARCH_CACHE_ENABLED | Enable or disable LDAP search results cache. | true |
LDAP_SEARCH_CACHE_SIZE | Number of search results that are stored in the cache. | 2000 |
LDAP_SEARCH_CACHE_SIZELIMIT | Maximum number of results that can be cached for a single LDAP search. | 2000 |
LDAP_SEARCH_CACHE_TIMEOUT | Maximum time that the contents of the search results cache are available. When the specified time elapses, the search results cache is cleared. | 1200s |
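
The value formats described in the note and tables above, as an added example that is not part of the product documentation: a shell check for the timeout format (for example, 1s500ms) and for the other parameters, to run before you edit the ConfigMap. The function names are hypothetical, and the true/false and whole-number rules for the non-timeout parameters are assumptions based on the default values shown.

```shell
# Added example, not product tooling: validate values for the LDAP cache
# parameters on this page. Function names are hypothetical.

# Convert a duration such as 1s500ms to milliseconds; return 1 if malformed.
ldap_duration_to_ms() {
  local rest="$1" total=0 num mult
  [ -n "$rest" ] || return 1
  while [ -n "$rest" ]; do
    num=${rest%%[!0-9]*}                  # leading run of digits
    case $num in ''|0*) return 1 ;; esac  # positive integer, no leading zero
    rest=${rest#"$num"}
    case $rest in                         # test ms before m: 500ms is not 500 minutes
      ms*) mult=1;       rest=${rest#ms} ;;
      h*)  mult=3600000; rest=${rest#h} ;;
      m*)  mult=60000;   rest=${rest#m} ;;
      s*)  mult=1000;    rest=${rest#s} ;;
      *)   return 1 ;;                    # missing or unknown unit
    esac
    total=$(( total + num * mult ))
  done
  printf '%s\n' "$total"
}

# Check one KEY VALUE pair. Assumed rules: *_ENABLED is true or false,
# *_SIZE and *_SIZELIMIT are whole numbers greater than zero.
ldap_cache_check() {
  local key="$1" value="$2"
  case $key in
    LDAP_ATTR_CACHE_ENABLED|LDAP_SEARCH_CACHE_ENABLED)
      [ "$value" = true ] || [ "$value" = false ] ;;
    LDAP_ATTR_CACHE_SIZE|LDAP_ATTR_CACHE_SIZELIMIT|\
    LDAP_SEARCH_CACHE_SIZE|LDAP_SEARCH_CACHE_SIZELIMIT)
      case $value in ''|0*|*[!0-9]*) return 1 ;; esac ;;
    LDAP_ATTR_CACHE_TIMEOUT|LDAP_SEARCH_CACHE_TIMEOUT)
      ldap_duration_to_ms "$value" >/dev/null ;;
    *) return 1 ;;                        # not a key documented on this page
  esac
}

# Constructed sample input: the default timeout, the note's examples, bad values.
for sample in 1200s 1s500ms 500ms 1h20m 1.5s 500; do
  if ms=$(ldap_duration_to_ms "$sample"); then
    echo "$sample = $ms ms"
  else
    echo "$sample rejected"
  fi
done
```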
Changing the parameter values by using kubectl
To change the parameter values, complete the following steps:
- Install the Kubernetes CLI (kubectl) tool.
- Edit the platform-auth-idp ConfigMap.
  kubectl -n <your-foundational-services-namespace> edit configmap platform-auth-idp
- Change the following attribute values as required:
  - LDAP_ATTR_CACHE_ENABLED
  - LDAP_ATTR_CACHE_SIZE
  - LDAP_ATTR_CACHE_SIZELIMIT
  - LDAP_ATTR_CACHE_TIMEOUT
  - LDAP_SEARCH_CACHE_ENABLED
  - LDAP_SEARCH_CACHE_SIZE
  - LDAP_SEARCH_CACHE_SIZELIMIT
  - LDAP_SEARCH_CACHE_TIMEOUT
- Save and close the ConfigMap.
- Restart the platform-auth-service pods.
  kubectl -n <your-foundational-services-namespace> delete pod -l k8s-app=platform-auth-service
- Wait for some time. Then, check the status of the platform-auth-service pods. The status must show as 4/4 Running for all the pods.
  kubectl -n <your-foundational-services-namespace> get pods | grep platform-auth-service
Changing the parameter values by using the console
- Log in to the OpenShift Container Platform console as a user with cluster administrator access.
- From the navigation menu, click Workloads > Config Maps.
- Search for platform-auth-idp.
- Click ... > Edit Config Map.
- Change the following attribute values as required:
  - LDAP_ATTR_CACHE_ENABLED
  - LDAP_ATTR_CACHE_SIZE
  - LDAP_ATTR_CACHE_SIZELIMIT
  - LDAP_ATTR_CACHE_TIMEOUT
  - LDAP_SEARCH_CACHE_ENABLED
  - LDAP_SEARCH_CACHE_SIZE
  - LDAP_SEARCH_CACHE_SIZELIMIT
  - LDAP_SEARCH_CACHE_TIMEOUT
- Click Save.
- From the navigation menu, click Workloads > Deployments.
- Locate platform-auth-service.
- Click ... > Edit Deployment. A window for editing displays.
- Click Save without making any change. This step is to reload the platform-auth-service pods with the latest ConfigMap values.
- Click platform-auth-service.
- Wait for some time. Then, check the status of the platform-auth-service pods in the Pods pane. The status of all the pods must show as 4/4 under the Ready field name.