Crowd 2.1 Beta Guide to LDAP Caching
This page contains an overview of the new database-backed caching for LDAP directories in Crowd 2.1 Beta 2.
For all LDAP directories with caching enabled, Crowd will keep an up-to-date cache of user and group information retrieved from the LDAP directory. Use of the cache should improve performance of LDAP queries, particularly in directories which are slow or off site.
Summary of the caching functionality:
- The caches are held in the Crowd database.
- When you add the directory connector to Crowd, Crowd will start a synchronization task in the background to copy all the required users, groups and membership information from LDAP to the Crowd database. This task may take a while to complete, depending on the size and complexity of your user base.
- Crowd will perform a periodic synchronization to update the database with any changes made to LDAP. The default sync interval, or polling interval, is one hour (60 minutes). You can change the polling interval on the directory connector configuration screen.
- You can manually synchronize the database-backed cache if necessary.
- Whenever an update is made to the users, groups or membership information via Crowd, Crowd will update both the database-backed cache and the LDAP directory immediately.
- All authentication is performed by calls to the LDAP directory itself. The Crowd database-backed cache does not store user passwords.
- Crowd performs all queries against the database-backed cache.
- Database-backed caching is available for all the LDAP directories that Crowd supports.
- We have optimized the database caching for directories containing approximately 10 000 (ten thousand) users. If your directory is larger, the new caching may not be as beneficial. For really large user bases, we recommend that you disable caching.
- For new directory connectors, caching is enabled by default.
- When you upgrade to Crowd 2.1 Beta 2, caching is disabled by default for existing directories.
- A suggestion: You can narrow the LDAP user/group filter to control the size of the userbase visible to Crowd.
Configuring the Cache
Screen snippets: Cache Configuration
Configuration options, as shown in the screenshots above:
- Enable or disable the cache for each directory on the directory connector's 'Details' tab.
- Set the polling interval on the directory connector's 'Connector' tab. The polling interval, or sync interval, is the period of time (number of minutes) that Crowd will wait between its requests for updates from LDAP.
- The length of your polling interval depends on the length of time you can tolerate stale data, the amount of load you want to put on Crowd and the LDAP server, and the size of your user base. If you poll more frequently, then your data will be more up to date. The downside of polling more frequently is that you may overload your LDAP server with requests.
- If in doubt, we recommend that you start with an interval of 60 minutes (this is the default setting) and reduce the value incrementally. You will need to experiment with your setup.
Screen snippets: Information about the last synchronization
The directory connector's 'Details' tab shows information about the last sync operation, including the length of time it took.
Screenshot: Manually syncing the cache
You can manually synchronize the cache by clicking the 'Synchronize Now' button on the the directory connector's 'Details' tab. If a sync operation is already in progress, you cannot start another until the first has finished.