Changing LDAP search cache variable values
Change the default values of the Lightweight Directory Access Protocol (LDAP) search cache variables.
You can change the values of the following variables:
Variable | Default value | Description |
---|---|---|
LDAP_SEARCH_CACHE_TIMEOUT | 1200 seconds | The maximum time that the contents of the search results cache are available. |
LDAP_SEARCH_CACHE_ENABLED | true | A Boolean value that indicates whether the search results are cached. |
LDAP_SEARCH_CACHE_SIZE | 2000 | The number of search results that are stored in the cache. |
LDAP_SEARCH_CACHE_SIZELIMIT | 2000 | The maximum number of results that can be cached for a single LDAP search. |
LDAP_ATTR_CACHE_SIZE | 2000 | The number of entities that can be stored in the cache. |
LDAP_ATTR_CACHE_TIMEOUT | 1200 seconds | The maximum time that the contents of the LDAP attribute cache are available. |
LDAP_ATTR_CACHE_SIZELIMIT | 2000 | The maximum number of attributes per LDAP entity that are cached. |
LDAP_ATTR_CACHE_ENABLED | true | A Boolean value that indicates whether the entities are cached. |
For more information, see LDAP User Registry (ldapRegistry).
Follow these steps to change the variable values:
- Edit the platform-auth-idp configmap.

      oc -n <your-foundational-services-namespace> edit configmap platform-auth-idp

  The file content resembles the following code:

      # Please edit the following object. Lines beginning with a '#' will be ignored,
      # and an empty file will abort the edit. If an error occurs while saving this file will be
      # reopened with the relevant failures.
      #
      apiVersion: v1
      data:
        AUDIT_DETAIL: "false"
        AUDIT_ENABLED_IDMGMT: "false"
        AUDIT_ENABLED_IDPROVIDER: "false"
        .
        .
        LDAP_ATTR_CACHE_ENABLED: "true"
        LDAP_ATTR_CACHE_SIZE: "2000"
        LDAP_ATTR_CACHE_SIZELIMIT: "2000"
        LDAP_ATTR_CACHE_TIMEOUT: 1200s
        LDAP_SEARCH_CACHE_ENABLED: "true"
        LDAP_SEARCH_CACHE_SIZE: "2000"
        LDAP_SEARCH_CACHE_SIZELIMIT: "2000"
        LDAP_SEARCH_CACHE_TIMEOUT: 1200s
        LDAP_SEARCH_CN_ATTR_ONLY: "false"
        LDAP_SEARCH_ID_ATTR_ONLY: "false"
        LDAP_SEARCH_SIZE_LIMIT: "50"
        LDAP_SEARCH_TIME_LIMIT: "5"
        MASTER_HOST: mycluster.icp
        NODE_ENV: production
        .
        .
      "/tmp/kubectl-edit-i5ta2.yaml" 60L, 2204C
- Change the LDAP variable values, as required, and save the ConfigMap.

  After you update and save the changes, you see the following message:

      configmap "platform-auth-idp" edited
- Restart the platform-identity-provider pod.

  - Get the platform-identity-provider pod ID.

        oc -n <your-foundational-services-namespace> get pods | grep platform-identity-provider

    The following is sample output of the command:

        platform-identity-provider-5b78f 4/4 Running 3 12d

  - Delete the platform-identity-provider pod.

        oc -n <your-foundational-services-namespace> delete pod platform-identity-provider-5b78f

    After the pod is deleted, you see the following message:

        pod "platform-identity-provider-5b78f" deleted

    Wait for a few minutes for the pod to restart.
- Verify the status of the pod.

      oc -n <your-foundational-services-namespace> get pods | grep platform-identity-provider

  The pod gets a new ID after restart.

      platform-identity-provider-5267t 1/4 Running 0 4m
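A non-interactive form of the steps above, as an added example that is not part of the original documentation: it checks each new value against the variable table before building a merge patch for the platform-auth-idp ConfigMap, then deletes the platform-identity-provider pod. The accepted value formats (true or false, digits, digits followed by `s`) are assumptions taken from the sample file content, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not product code). Value formats are assumed from the sample
# ConfigMap content shown in the steps above.

# validate_ldap_cache_setting KEY VALUE: returns 0 only for a known cache
# variable whose value has the expected shape.
validate_ldap_cache_setting() {
  case "$1" in
    LDAP_SEARCH_CACHE_ENABLED|LDAP_ATTR_CACHE_ENABLED)
      case "$2" in true|false) return 0 ;; esac ;;
    LDAP_SEARCH_CACHE_TIMEOUT|LDAP_ATTR_CACHE_TIMEOUT)
      # Assumed format: digits followed by "s", as in 1200s.
      case "$2" in *s) n=${2%s} ;; *) return 1 ;; esac
      case "$n" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac ;;
    LDAP_SEARCH_CACHE_SIZE|LDAP_SEARCH_CACHE_SIZELIMIT|\
    LDAP_ATTR_CACHE_SIZE|LDAP_ATTR_CACHE_SIZELIMIT)
      case "$2" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac ;;
  esac
  return 1   # unknown key or malformed value
}

# build_ldap_cache_patch KEY=VALUE...: prints a JSON merge patch.
# ConfigMap data values are strings, so every value is quoted. Validated
# keys and values contain only letters, digits and "_", so no JSON escaping
# is needed.
build_ldap_cache_patch() {
  body=""
  for kv in "$@"; do
    key=${kv%%=*}; val=${kv#*=}
    validate_ldap_cache_setting "$key" "$val" || {
      echo "rejected: $kv" >&2; return 1; }
    body="${body:+$body,}\"$key\":\"$val\""
  done
  [ -n "$body" ] || return 1
  printf '{"data":{%s}}' "$body"
}

# apply_ldap_cache_patch NAMESPACE KEY=VALUE...: patch the ConfigMap, then
# delete the platform-identity-provider pod so that it restarts.
apply_ldap_cache_patch() {
  ns=$1; shift
  patch=$(build_ldap_cache_patch "$@") || return 1
  oc -n "$ns" patch configmap platform-auth-idp --type merge -p "$patch" || return 1
  pod=$(oc -n "$ns" get pods -o name | grep platform-identity-provider) || return 1
  oc -n "$ns" delete $pod   # unquoted on purpose: one name per replica
}
```

For example, `apply_ldap_cache_patch <your-foundational-services-namespace> LDAP_SEARCH_CACHE_TIMEOUT=600s` changes one variable and restarts the pod; a key outside the table or a malformed value is rejected before anything is sent to the cluster.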