For improved performance, IWSVA caches the mapping between a client IP address and
its LDAP User ID, as well as User / Group relationships. The cache applies a previously
authenticated User ID to later connections originating from the same IP address for as
long as the cache setting specifies. The default value is 2 hours.
This relationship is not supported in certain network configurations, namely those with
a downstream proxy. Disable the ID cache for the following network configurations:
- client > proxy > IWSVA
- client > ICAP > IWSVA
- client > firewall > IWSVA
In these configurations, the user's unique IP address is masked: IWSVA sees only the
downstream proxy rather than the originating client. If this feature were enabled, a
cached User ID would be applied to connections from any client behind that proxy.
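The following Python sketch is an added illustration (not Trend Micro code and not part of IWSVA) of why an IP-keyed User ID cache misattributes traffic behind a downstream proxy. The class, function names, user names and addresses are constructed for the example; only the 2-hour default comes from this page.

```python
# Added illustration: a toy model of an IP-keyed user cache, not IWSVA code.
CACHE_TTL = 2 * 60 * 60  # seconds; mirrors the 2-hour default on this page

class IpUserCache:
    """Maps a source IP to the last User ID authenticated from it."""
    def __init__(self, ttl=CACHE_TTL, enabled=True):
        self.ttl, self.enabled, self._entries = ttl, enabled, {}

    def lookup(self, src_ip, now):
        entry = self._entries.get(src_ip)
        if self.enabled and entry and now - entry[1] < self.ttl:
            return entry[0]
        return None

    def store(self, src_ip, user, now):
        if self.enabled:
            self._entries[src_ip] = (user, now)

def attribute(cache, connections):
    """Return the User ID the gateway attributes to each connection."""
    seen = []
    # Each connection: (time in seconds, source IP the gateway sees, real user).
    for now, src_ip, real_user in connections:
        user = cache.lookup(src_ip, now)
        if user is None:  # cache miss: the real user authenticates
            user = real_user
            cache.store(src_ip, user, now)
        seen.append(user)
    return seen

def misattributed(cache, connections):
    """Count connections handled under someone else's User ID."""
    seen = attribute(cache, connections)
    return sum(1 for s, (_, _, real) in zip(seen, connections) if s != real)

# Constructed sample traffic (addresses from documentation ranges).
PROXY = "192.0.2.10"
DIRECT = [(0, "198.51.100.21", "alice"), (60, "198.51.100.22", "bob"),
          (7300, "198.51.100.21", "alice")]
VIA_PROXY = [(0, PROXY, "alice"), (60, PROXY, "bob"),
             (120, PROXY, "carol"), (7300, PROXY, "bob")]

if __name__ == "__main__":
    for name, conns in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        for enabled in (True, False):
            n = misattributed(IpUserCache(enabled=enabled), conns)
            print(f"{name:9} cache={'on' if enabled else 'off'}: {n} misattributed")
```

With the cache on, the two connections that follow the first user through the proxy are attributed to that user until the entry expires; with the cache off, every connection is attributed correctly.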
WARNING: Do NOT disable user ID cache when IWSVA is in transparent mode.
To disable the User ID cache:
- Log in to the IWSVA CLI and change to enable mode.
- Type the following command:
    configure module ldap ipuser_cache disable
Explanation of related parameters:
- ip_user_central_cache_interval: Specifies the duration for which the IP address /
  User ID remains valid. The default value is 2 hours.
- user_groups_central_cache_interval: Specifies the duration for which the User / Group
  relationship remains cached. The default value is 2 hours. Decrease this value if
  your group relationships often change.