Hi,
We are doing some testing and it looks like anything user-related done within the JCR is syncing with LDAP on every request or so.
Our ldap_login.conf file is as below:
com.day.crx {
    com.day.crx.core.CRXLoginModule sufficient
        tokenExpiration="9999999"
        disableNTLMAuth="true";
    com.day.crx.security.ldap.LDAPLoginModule required
        principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
        disableNTLMAuth="true"
and we are using cookie-based SSO authentication. Based on the above conf file, I assumed that CQ will only sync with LDAP if the user isn't found in its cache; otherwise, it will use the CRXLoginModule to sync. How exactly is the cache maintained? If a new user logs into the app and the maximum number of users are already cached, will it replace one of the users?
1) Should we get rid of the NTLM auth param?
We are looking at the optimization parameters as well.
2) cacheMaxSize is by default set to 1000 what? 1000 bytes/KB?
3) cache.expiration | The interval, in seconds, for which a principal is cached |
Does this mean that even if the cache is full, the user won't be dumped out of the cache until the expiration time for the user is reached and other users are using the system?
LDAP is a very central process of our app and we are using it on publishers.
There is no limitation as such. N number of users can log in & no one will be dumped out. When the cache is filled, AEM reaches out to LDAP for authentication instead of checking in the cache.
It is size & not bytes, that is, 1000 principals.
http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html
Sham HC wrote...
There is no limitation as such. N number of users can log in & no one will be dumped out. When the cache is filled, AEM reaches out to LDAP for authentication instead of checking in the cache.
It is size & not bytes, that is, 1000 principals.
http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html
Hi Sham,
Thanks for your reply. There are two similar attributes.
cache.maxsize | The number of principals that CRX caches. The default is 1000. |
cacheMaxSize | The maximum size of the cache in total. The default is 1000. Can be set to the number of users for best efficiency. |
I was talking about the latter. As you are saying that when the cache is filled up AEM reaches out to LDAP for authentication, will it do it for every user, or will users in the cache be served out of the cache?
Refer to [1] for accurate information. cacheMaxSize is for the principal cache, whereas cache.maxsize is for the credentials cache.
A user in the cache will be served from the cache until it expires.
[1] http://docs.adobe.com/docs/en/cq/current/core/administering/ldap_authentication.html