|
The LDAP background refresher thread refreshes cached LDAP users every ldapUserCacheRefreshInterval seconds. It retains stale users for up to ldapUserCacheStalenessInterval after the last successful refresh before invalidating the cached entries. However, the refresh job currently only checks whether the staleness interval has expired at the end of each failed refresh. As a result, the maximum staleness interval in practice is ldapUserCacheStalenessInterval + ldapUserCacheRefreshInterval. In addition, mongos invalidates its cache every userCacheInvalidationIntervalSecs, meaning that mongos may hold onto cached, unrefreshed LDAP users for up to userCacheInvalidationIntervalSecs + ldapUserCacheStalenessInterval + ldapUserCacheRefreshInterval.
We should update the background refresh job's frequency to ensure that the configured maximum staleness interval is actually obeyed as configured.
|