auth_ldap_cache_expiration_time

The `auth_ldap_cache_expiration_time` directive sets the duration before cached LDAP authentication results expire.

Syntax: auth_ldap_cache_expiration_time time_in_milliseconds;
Default: none
Context: http
Arguments: 1

Description

The auth_ldap_cache_expiration_time directive controls how long authentication results are stored in the cache when using the LDAP Authentication module for NGINX. By enabling caching, subsequent requests from the same user for the specified duration can bypass the overhead of querying the LDAP server, resulting in reduced response time and server load.

This directive takes a single argument that specifies the duration in milliseconds after which the cached results are considered expired. When a cached entry is accessed after its expiration time, the LDAP server will be queried again to refresh the authentication result. Proper caching can enhance application performance, especially in high-traffic environments, by minimizing the number of requests made to the LDAP server, which can be slower than in-memory lookups.

To use this caching feature effectively, set a reasonable expiration time. If it is set too high, cached authentication results can go stale, especially after password changes, because a cached result keeps being served until its entry expires. Conversely, setting it too low may negate the performance benefits by re-querying the LDAP server too frequently. Administrators should therefore balance performance needs and user experience when configuring this directive.
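The trade-off described above, as an added Python model (not the module's own code): it assumes one cache entry per username holding a password digest and the bind outcome. `FakeLdap`, `ExpiringAuthCache` and `stale_window_demo` are hypothetical names, and the credentials are constructed sample values.

```python
import hashlib
import hmac


class FakeLdap:
    """Constructed stand-in for the directory; counts bind attempts."""
    def __init__(self, passwords):
        self.passwords = dict(passwords)
        self.binds = 0

    def bind(self, user, password):
        self.binds += 1
        return self.passwords.get(user) == password


class ExpiringAuthCache:
    """Simplified model: one entry per user, valid for ttl_ms milliseconds."""
    def __init__(self, ldap, ttl_ms):
        self.ldap = ldap
        self.ttl_ms = ttl_ms
        self.entries = {}  # user -> (password digest, outcome, stored_at_ms)

    def authenticate(self, user, password, now_ms):
        digest = hashlib.sha256(password.encode()).digest()
        entry = self.entries.get(user)
        if entry:
            cached_digest, outcome, stored_at = entry
            fresh = now_ms - stored_at < self.ttl_ms
            if fresh and hmac.compare_digest(cached_digest, digest):
                return outcome  # served from cache, no LDAP query
        # Cache miss, different password, or expired entry: ask the directory.
        outcome = self.ldap.bind(user, password)
        self.entries[user] = (digest, outcome, now_ms)
        return outcome


def stale_window_demo(ttl_ms):
    """Return (old password accepted inside TTL, accepted at expiry, LDAP binds)."""
    ldap = FakeLdap({"alice": "old-secret"})
    cache = ExpiringAuthCache(ldap, ttl_ms)
    cache.authenticate("alice", "old-secret", now_ms=0)  # populates the cache
    ldap.passwords["alice"] = "new-secret"  # password changed in the directory
    inside = cache.authenticate("alice", "old-secret", now_ms=ttl_ms - 1)
    after = cache.authenticate("alice", "old-secret", now_ms=ttl_ms)
    return inside, after, ldap.binds
```

In this model the expiration time is also the upper bound on how long a result cached before a password change keeps being served, which is the figure to weigh against the LDAP queries saved.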

Config Example

http {
    auth_ldap_cache_enabled on;             # Caching must be enabled for the expiration time to apply
    auth_ldap_cache_expiration_time 60000;  # Cache entries expire after 60 seconds

    ldap_server test {
        url ldap://ldap.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user);
        binddn "[email protected]";
        binddn_passwd "password";
        require valid_user;
    }
}

Ensure that the cache expiration time is not set too high to avoid stale authentication results.

Remember to enable caching with the corresponding directive (`auth_ldap_cache_enabled on;`), as this directive has no effect on its own.

Adjust the expiration time according to user activity patterns for optimal performance.
