FortiProxy
haitouahman
Staff
Article Id 345089
Description

This article describes how to change the LDAP user and group cache refresh interval on FortiProxy. When 'ldap-user-cache' is enabled, FortiProxy retrieves user and group membership data from the LDAP server and stores it for 24 hours before refreshing. By default, the cache refresh interval is set to 24 hours (1440 minutes). This interval is important for keeping user access permissions and group memberships up to date, especially in dynamic environments with frequent changes.

Scope

FortiProxy v7.2.7+
Solution

If an administrator needs to change this update interval, they can modify the cache update times to better suit their organization’s requirements using the following CLI commands:


diagnose debug enable
diagnose test app wad 2500
diagnose test application wad 1900xyz <== Change the user cache time (xyz=minutes)
diagnose test application wad 1910xyz <== Change the Group cache time (xyz=minutes)


The example below changes the user and group cache timers from the default of 1440 minutes to 5 minutes:

FPX1 # diagnose debug enable

FPX1 # diag test app wad 2500
Set diagnosis process: type=user-info index=0 pid=1513

FPX1 # diag test app wad 1900005
Change user cache flushing timeout from: 1440 to 5

FPX1 # diag test app wad 1910005
Change group cache flushing timeout from: 1440 to 5


Related article:
Technical Tip: Users group membership is not updated at FortiProxy