[Building Sakai] LDAP caching

Kusnetz, Jeremy JKusnetz at APUS.EDU
Fri Dec 20 11:00:38 PST 2013 

One more question :)

Currently we have this set:
timeToLiveSeconds = 300 timeToIdleSeconds = 300

What exactly is the timeToIdleSeconds?  In your example we are setting it to 0, but currently it's set to 300 the same as live.  I'm increasing the timeToLiveSeconds, should I keep the idle at what I set the live for?  Set it to 0, or some other number?

From: Sam Ottenhoff [mailto:ottenhoff at longsight.com]
Sent: Friday, December 20, 2013 1:56 PM
To: Kusnetz, Jeremy
Cc: sakai-dev Developers
Subject: Re: [Building Sakai] LDAP caching



On Fri, Dec 20, 2013 at 1:53 PM, Kusnetz, Jeremy <JKusnetz at apus.edu<mailto:JKusnetz at apus.edu>> wrote:
Actually I guess what you are saying is I need to set

I see the timeToLiveSeconds is set to 300:

[ name = org.sakaiproject.user.api.UserDirectoryService.callCache status = STATUS_ALIVE eternal = false overflowToDisk = false maxEntriesLocalHeap = 10000 maxEntriesLocalDisk = 0 memoryStoreEvictionPolicy = LRU timeToLiveSeconds = 300 timeToIdleSeconds = 300 diskPersistent = false diskExpiryThreadIntervalSeconds = 120 cacheEventListeners: net.sf.ehcache.statistics.LiveCacheStatisticsWrapper hitCount = 459530 memoryStoreHitCount = 459530 diskStoreHitCount = 0 missCountNotFound = 22147 missCountExpired = 10295 maxBytesLocalHeap = 0 overflowToOffHeap = false maxBytesLocalOffHeap = 0 maxBytesLocalDisk = 0 pinned = false ]

So I would add this to sakai.properties?

Correct



memory.org.sakaiproject.user.api.UserDirectoryService.callCache=timeToLiveSeconds=14400,timeToIdleSeconds=0,maxElementsInMemory=50000

With this being cached so long, if a user updates their password it could take up to 4 hours to see the change?


No, passwords aren't cached.  Authentications occur live against LDAP.  If the user's last name changes in LDAP it will not update in Sakai until the cache expires.  That small downside seems worth it for vastly better performance.
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20131220/598a93ed/attachment.html

More information about the sakai-dev mailing list