-
제목
When does a cache refresh happen? User or group change not appearing. -
설명
How often does QAS refresh its user and group cache?
-
해결 방안
The only time vasd will completely dump and reload its cache is during a join or flush. At all other times there are two types of updates: incremental and by-name.
Incremental updating is based off of usnChanged values (ADs Update Sequence Numbers). When a join or flush happens, vasd stores the highest usnChanged value. Then, when an incremental update is triggered, it queries AD for all unix enabled objects with a usnChanged value higher than the stored one. The incremental update then stores the highest usnChanged value for the next time it runs. This is triggered by some activities, and by the lazy-cache-update-interval when there is no system activity. An incremental update can be forced by running vastool list -f groups. Note, that a incremental update cannot detect deleted AD users or groups. Only a by-name update can.
By-name updating is when a request comes in for a specific name. For example, Bob logs in with their account bob23. Vasd will query that object in AD to get the latest information for it. Running vastool list -f user bob23 would trigger it as well.
From the vas.conf man page:
lazy-cache-update-interval =Default value: 10By default, every 10-20 minutes vasd will trigger an incremental update for user and group identity information. This only pulls down information for users and groups that have changed since the last incremental update. The value is in minutes, and the update will happen randomly somewhere between 1X and 2X the value set. This randomized interval is to reduce the load on the Domain Controller in situations where multiple computers are started simultaneously (such as after a power outage).
[vasd]
lazy-cache-update-interval = 15