Adobe Experience Manager Sites & More

Report · 10/15/15

Hi,

We are doing some testing and it looks like anything done within the JCR user related is syncing with LDAP on every request or so.

Our ldap_login.conf file is as below:

com.day.crx {
   com.day.crx.core.CRXLoginModule sufficient
   tokenExpiration="9999999"
       disableNTLMAuth="true";

   com.day.crx.security.ldap.LDAPLoginModule required
       principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
       disableNTLMAuth="true"

and we are using cookie based SSO authentication. Based on the above conf file, i assumed that CQ will only sync with ldap if the user isn't found in its cache otherwise, it will use the CRXLoginModule to sync . How exactly is the cache maintained? If a new user logs into the app and maximum number of users are already cached will it replace one of the users?

1) Should we get rid of NTLM auth param?

We are looking at the optimization parameters as well

2) cacheMaxSize is by default set to 1000 what? 1000 byte/KB?

3)

cache.expiration

The interval, in seconds, for which a principal is cached

does this mean that even if the cache size is full the user won't be dumped out of the cache until the expiration time for the user is reached and other users are using the system.

LDAP is a very central process of our app and we are using it on publishers.

Sham_HC · 10/15/15

there is no limitation as such. N number of user can login & no one will be dumped out. When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

View solution in original post

Sham_HC · 10/15/15

there is no limitation as such. N number of user can login & no one will be dumped out. When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

Report · 10/15/15

Sham HC wrote...

there is no limitation as such. N number of user can login & no one will be dumped out. When cache is filled aem reaches to ldap for authentication instead of checking in cache.

It is size & not byte that is 1000 prinicpals.

http://wem.help.adobe.com/enterprise/en_US/10-0/core/administering/ldap_authentication.html

Hi Sham,

Thanks for your reply. There are two similar attributes.

cache.maxsize

The number of principals that CRX caches. The default is 1000.

cacheMaxSize

The maximum size of the cache in total. The default is 1000.

Can be set to the number of users for best efficiency.

I was talking about the latter. As you are saying that when cache is filled up aem reaches ldap for authentication, will it do it for every user or user in the cache will be served out of the cache?