LDAP Sync and optimization parameters | Community
Skip to main content
A
Anonymous
October 16, 2015
Solved

LDAP Sync and optimization parameters

  • October 16, 2015
  • 3 replies
  • 1013 views

Hi,

We are doing some testing and it looks like anything done within the JCR user related is syncing with LDAP on every request or so. 

Our ldap_login.conf file is as below:

com.day.crx {
    com.day.crx.core.CRXLoginModule sufficient
        tokenExpiration="9999999"
        disableNTLMAuth="true";

    com.day.crx.security.ldap.LDAPLoginModule required
        principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
        disableNTLMAuth="true"

and we are using cookie based SSO authentication. Based on the above conf file, i assumed that CQ will only sync with ldap if the user isn't found in its cache otherwise, it will use the CRXLoginModule to sync . How exactly is the cache maintained? If a new user logs into the app and maximum number of users are already cached will it replace one of the users?

1) Should we get rid of NTLM auth param?

We are looking at the optimization parameters as well

2) cacheMaxSize is by default set to 1000 what? 1000 byte/KB?

3) 

         
cache.expirationThe interval, in seconds, for which a principal is cached

 does this mean that even if the cache size is full the user won't be dumped out of the cache until the expiration time for the user is reached and other users are using the system.

LDAP is a very central process of our app and we are using it on publishers.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

there is no limitation as such. N number of user can login & no one will be dumped out.  When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

 

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

3 replies

Sham_HC
Sham_HCAccepted solution
Level 10
October 16, 2015

there is no limitation as such. N number of user can login & no one will be dumped out.  When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

 

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

A
Anonymous
October 16, 2015

Sham HC wrote...

there is no limitation as such. N number of user can login & no one will be dumped out.  When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

 

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

 

 

Hi Sham,

Thanks for your reply. There are two similar attributes.

     
cache.maxsizeThe number of principals that CRX caches. The default is 1000.
     
cacheMaxSize

The maximum size of the cache in total. The default is 1000.

Can be set to the number of users for best efficiency.

I was talking about the latter. As you are saying that when cache is filled up aem reaches ldap for authentication, will it do it for every user or user in the cache will be served out of the cache?

Sham_HC
Sham_HC
Level 10
October 16, 2015

refer [1] for accurate information.  cacheMaxSize is for principal cache where as cache.maxsize for credentials cache.

User in cache will be served from cache till the expire.

[1]  http://docs.adobe.com/docs/en/cq/current/core/administering/ldap_authentication.html

Terms & ConditionsAccessibility statement

Loading footer...