Disabling LDAP query result caching
search cancel

Disabling LDAP query result caching

book

Article ID: 385367

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Background

The Layer 7 Gateway caches a certain amount of LDAP authentication requests. This allows the Gateway to balance speed with consistency for users requiring repeated authentication attempts against a directory over a short period of time. This caching is intended to increase the performance of the Gateway. To troubleshoot LDAP related authentication failures, it may be necessary to disable LDAP authentication caching for both failed and successful authentication attempts. This behavior is governed by two cluster-wide properties:

  1. authCache.failureCacheSize
  2. authCache.successCacheSize

Environment

All Gateway Versions

Resolution

Implementation

In order to remove any and all LDAP caching, the following steps should be taken:

  1. Log into the Layer 7 Policy Manager as an administrative user
  2. Open the Tasks menu
  3. Select the Manage Cluster-Wide Properties task
  4. Add or edit the two cluster-wide properties specified below to have a value of 0.
  • authCache.failureCacheSize
  • authCache.successCacheSize

The cache for LDAP authentication should expire shortly and subsequent requests will not be cached. It is recommended that this behavior not be utilized in a production environment unless specified by Layer 7 Support as increased frequency of LDAP queries can result in a net negative impact to the performance of the Gateway appliance