Does an AD Query cache results?

Question

Hi guys,&nbsp;
I'm performing a simple AD Query as part of my access policy. For most users this seems to work as it should however we have a couple of users who have been moved in and out (and back in!) of one of the AD groups in question.&nbsp;
For these users the query is failing and based on what I've seen in the session logs I was wondering whether this info is in fact cached for a period of time? Here is an example of what I've seen:&nbsp;
AD Group Cache: found groupDN 'CN=Domain Users,CN=Users,DC=mydomain,DC=com' from group cache of server '127.7.0.1'&nbsp;
If the answer is that it does cache the results for a period of time, is there a way to turn off this behaviour so that a "live" lookup is performed each and every time or can the cache duration be set?&nbsp;
Thanks&nbsp;
Peter&nbsp;

seth_cooper · Answer

Hey Peter,&nbsp;
To update the cache please try the following...&nbsp;
Navigate to "Access Policy ›› Access Profiles : Access Profiles List".Check the Access Policy you want the AAA AD cache to be cleared.Apply the Access Policy
This should reset the cache. &nbsp;
The caching is in place to make the lookup faster and give a better over all experiance for all the users logging into to the system.&nbsp;
Please let me know if this helps...&nbsp;
Seth&nbsp;

seth_cooper · Answer

Peter,&nbsp;
Also, in 11.5 in the AD Properties under "Access Policy &gt;&gt; AAA Servers &gt;&gt; Select your AD config" there is a setting for "Group Cache Lifetime" which is set in number of days.  There is also a button to clear the cache.&nbsp;
Seth&nbsp;

vandenhoutenp_9 · Answer

Thanks Seth, much appreciated!&nbsp;

michael_jenkins · Answer

Along the lines of this question, do you know if there would there be any disruption to connected users if we were to change the lifetime and/or clear the cache (apart form the obvious delay the next time they connect while the groups are being retrieved)?

seth_cooper · Answer

Changing the lifetime or clearing cache shouldn't affect connected users at all.&nbsp;

Forum Discussion

Does an AD Query cache results?

Recent Discussions

[APM] - Error: failed to reset strict operations; disconnecting from mcpd

What is the use of epsec-package file in APM ?

201 Recommendations for Study

URL redirect

Cookie Persistence configured on VS but no logs

Related Content

What is Web Cache Exploitation?

Distributed caching of authentication requests with NGINX Ingress Controller

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query