TInch_92381
Apr 27, 2016

When using APM with an LDAP AAA server, are results cached?

I'm making extensive use of this sort of test:

      [mcget {session.ldap.last.attr.memberOf}] contains "My_Groupname"

I was previously using Active Directory authentication and queries rather than LDAP, but changing to LDAP has cut down the login wait from up to 15 seconds down to several seconds.

I'm almost certain that the APM is caching the membership results, however, because I make changes on the domain controller and the changes are not reflected on the BigIP - it seems to be using stale results.

Any suggestions on the expected behavior, and how to change it?

I know I can mix and match AD and LDAP authentication and queries if necessary, and AD was also caching but didn't seem to be as long when I set it to 0 days, and I could manually clear that cache for testing purposes.

  • Yes, the LDAP Groups results are cached and you can control the settings and clear the cache in the AAA object.

     

    -Seth