ldap_cache_enabled for MariaDB Xpand

Overview

In 23.09:

Cache the results returned by LDAP search operations.

In 6.1, 6.0, 5.3:

Not present

See also: System Variables for MariaDB Xpand 23.09, in 6.1, in 6.0, and in 5.3

USAGE

The global value of the ldap_cache_enabled system variable can be set by executing SET GLOBAL:

SET GLOBAL ldap_cache_enabled = {true | false};

Using SET GLOBAL to set the value of a global variable in Xpand causes a change that will persist on restart.

DETAILS

The ldap_cache_enabled system variable allows to cache the results returned by LDAP search operations (disabled by default).

The LDAP query cache can help reduce load on the LDAP server, as well as reduce login latency if the LDAP server is for whatever reason far away from the Xpand cluster.

This cache is only for LDAP queries and their results, such as what is returned by the queries derived from the global variables ldap_group_query and ldap_user_lookup_query

Since the raw LDAP query results are what is cached, and not the role mappings themselves, the final roles applied to a new LDAP session can change depending on the current existence of the roles in Xpand and the mapping strategy specified by the ldap_group_to_xpand_role global variable.

The actual authentication step with the LDAP server still happens every time an LDAP user login happens through Xpand, and is not currently eligible for caching.

A trade-off of using this query cache is that changes to LDAP group membership may not be immediately reflected in the derived Xpand roles. For example, this can happen if the cache still contains a non-expired list of groups for a particular query derived from the global variable ldap_group_query

Each Xpand node has its own LDAP query cache.

Flush Cache

The cache can be flushed manually by running CALL system.ldap_cache_flush() on the Xpand SQL prompt. Running this on a single node will flush the cache on all nodes.

SYNONYMS

SCHEMA

PARAMETERS

SKYSQL

PRIVILEGES

EXAMPLES

To enable the LDAP query cache:

SET GLOBAL ldap_cache_enabled = true;

To disable the LDAP query cache:

SET GLOBAL ldap_cache_enabled = false;

ERROR HANDLING

FEATURE INTERACTION

RESPONSES

DIAGNOSIS

ISO 9075:2016

CHANGE HISTORY

Release Series

History

23.09

  • Added in MariaDB Xpand 23.09.1.

6.1

  • Not present.

6.0

  • Not present.

5.3

  • Not present.

EXTERNAL REFERENCES