Improve ldapUserCacheInvalidationInterval behaviour

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Won't Fix
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • None
    • Server Security
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      ldapUserCacheInvalidationInterval clear the cache for all users at the same time.

      2020-11-18T16:06:25.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:25.608+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      ...
      2020-11-18T16:06:55.608+1100 D1 ACCESS   [LDAPUserCacheInvalidator] Invalidating user cache entries of external users
      2020-11-18T16:06:55.609+1100 D2 ACCESS   [LDAPUserCacheInvalidator] Invalidating all users from database $external
      
      

      Can we improve this to invalidate the autorized-connections after n seconds have passed instead? (where n = ldapUserCacheInvalidationInterval)

      If a user was authorized just before the the cache was invalidated, this will cause an unnecessary ldap call shortly after (on top of risking accumulating all these requests at once)

              Assignee:
              [DO NOT USE] Backlog - Security Team
              Reporter:
              Ivan Grigolon
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: