Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Caching in LDAP authentication

Caching in LDAP authentication

New Contributor

Hello,

 

I have a question about the following scenario: A user is within a LDAP group. A certain action removes the user from that LDAP group. Since the response is cached, the user that has been recently removed from the group appears, for a period of time, as if the user was within that group. I saw that the validity of the entries in the cache containing the user->group mappings in LDAP is configurable via "hadoop.security.groups.cache.secs" and is set, by default, to 300 seconds. I tried different values for this property(even 0 seconds), but the change is still not immediate. Is there a way to make sure that any change in a LDAP group is immediately applied?

 

Thank you.

Don't have an account?
Coming from Hortonworks? Activate your account here