auth_ldap_cache_size

Sets the maximum size of the cache for LDAP authentication responses in NGINX.

Syntax: auth_ldap_cache_size number;
Default: none
Context: http
Arguments: 1

Description

The auth_ldap_cache_size directive configures the maximum number of cached LDAP authentication responses that NGINX can store. Caching these responses improves performance by reducing the need for repeated queries to the LDAP server for the same user during the cache lifetime. The directive accepts a single numerical argument which specifies the size of the cache. When the maximum number of cached entries is reached, older entries are evicted to make room for new ones, following a first-in-first-out (FIFO) eviction policy.

In practice, setting an optimal cache size depends on your application's user base and the behavior of your LDAP queries. A larger cache size generally leads to faster response times since fewer requests will need to hit the LDAP server, making it beneficial for applications with a high number of recurring user authentications. However, it may increase memory usage. Conversely, setting a cache size that is too small could result in frequent LDAP server accesses, negating the performance benefits of caching.
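The sizing trade-off above can be estimated offline by replaying a sequence of authenticating usernames through a FIFO cache model. This is an added example, not code from the module: the function names and the sample sequence are constructed for illustration, and the model keys on username only and ignores the cache lifetime.

```python
from collections import OrderedDict

# Constructed sample: the order in which users authenticate.
SAMPLE = ["alice", "bob", "alice", "carol", "alice", "dave", "bob", "alice"]

def simulate_fifo(requests, cache_size):
    """Replay usernames through a FIFO cache; return (hits, ldap_queries)."""
    cache = OrderedDict()  # insertion order is the eviction order
    hits = queries = 0
    for user in requests:
        if cache_size > 0 and user in cache:
            hits += 1  # FIFO: a hit does not refresh the entry's position
            continue
        queries += 1  # miss: the LDAP server has to be queried
        if cache_size > 0:
            if len(cache) >= cache_size:
                cache.popitem(last=False)  # evict the oldest inserted entry
            cache[user] = True
    return hits, queries

def hit_ratio(requests, cache_size):
    """Fraction of requests answered from the cache."""
    hits, _ = simulate_fifo(requests, cache_size)
    return hits / len(requests) if requests else 0.0

def smallest_size_for(requests, target_ratio):
    """Smallest cache size reaching target_ratio, or None if unreachable.

    Scans every size in turn: FIFO hit ratio is not guaranteed to grow
    with cache size (Belady's anomaly), so a binary search is unsafe.
    """
    for size in range(len(set(requests)) + 1):
        if hit_ratio(requests, size) >= target_ratio:
            return size
    return None

if __name__ == "__main__":
    for size in (0, 2, 3, 4):
        hits, queries = simulate_fifo(SAMPLE, size)
        print(f"size={size}: hits={hits} ldap_queries={queries}")
```

With a size of 2, the most frequent user in the sample is evicted repeatedly despite being hit in between, because FIFO evicts by insertion age rather than by recent use.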

Config Example

http {
    auth_ldap_cache_size 1000;
    ldap_server test {
        url ldap://192.168.0.1:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
        binddn "TEST\LDAPUSER";
        binddn_passwd LDAPPASSWORD;
        require valid_user;
    }
}

Ensure you set an appropriate cache size based on expected user load, as a cache too small may not yield performance benefits.

Be aware that if the cache size is set to zero, caching will be effectively disabled, causing every authentication request to query the LDAP server.

Monitor memory usage, as increasing cache size can lead to higher memory consumption.
