From 1765f632dcb8e2cccfdb48969698e3cd2cd748f1 Mon Sep 17 00:00:00 2001
From: David Mulder
Date: Fri, 15 Nov 2024 08:31:21 -0700
Subject: [PATCH] Increase the cache timeout to 5 minutes

A 15 second timeout ensures banned users are forgotten almost immediately, but it also drammatically increases network traffic, slows down Himmelblau, and causes AADSTS50196 errors on some tenants ("The server terminated an operation because it encountered a client request loop"). A 5 minute timeout is more reasonable, and mirrors Winbind's behavior. This timeout can be decreased via configuration if necessary.

BUG: https://github.com/himmelblau-idm/himmelblau/issues/290

Signed-off-by: David Mulder
---
 man/man5/himmelblau.conf.5 | 2 +-
 platform/debian/himmelblau.conf.example | 2 +-
 src/common/src/constants.rs | 2 +-
 src/config/himmelblau.conf.example | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/man/man5/himmelblau.conf.5 b/man/man5/himmelblau.conf.5
index 9215a1e..c2e8c6e 100644
--- a/man/man5/himmelblau.conf.5
+++ b/man/man5/himmelblau.conf.5
@@ -260,7 +260,7 @@ connection_timeout = 5
 .TP
 .B cache_timeout
 .RE
-The timeout for caching authentication data. Default is 15 seconds.
+The timeout for caching authentication data. Default is 300 seconds (5 minutes).
 .EXAMPLES
 cache_timeout = 10
diff --git a/platform/debian/himmelblau.conf.example b/platform/debian/himmelblau.conf.example
index 58e97eb..48f5176 100644
--- a/platform/debian/himmelblau.conf.example
+++ b/platform/debian/himmelblau.conf.example
@@ -93,7 +93,7 @@ home_alias = CN
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 use_etc_skel = true
 # selinux = true
diff --git a/src/common/src/constants.rs b/src/common/src/constants.rs
index 3bb4286..951225f 100644
--- a/src/common/src/constants.rs
+++ b/src/common/src/constants.rs
@@ -35,7 +35,7 @@ pub const DEFAULT_GRAPH: &str = "https://graph.microsoft.com";
 pub const DEFAULT_APP_ID: &str = "b743a22d-6705-4147-8670-d92fa515ee2b";
 pub const DRS_APP_ID: &str = "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9";
 pub const DEFAULT_CONN_TIMEOUT: u64 = 30;
-pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
+pub const DEFAULT_CACHE_TIMEOUT: u64 = 300;
 pub const DEFAULT_SELINUX: bool = true;
 pub const DEFAULT_HSM_PIN_PATH: &str = "/var/lib/himmelblaud/hsm-pin";
 pub const DEFAULT_HELLO_ENABLED: bool = true;
diff --git a/src/config/himmelblau.conf.example b/src/config/himmelblau.conf.example
index 2d933a8..7a6ad34 100644
--- a/src/config/himmelblau.conf.example
+++ b/src/config/himmelblau.conf.example
@@ -91,7 +91,7 @@
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 # use_etc_skel = false
 # selinux = true
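Review bot: `DEFAULT_CACHE_TIMEOUT` in src/common/src/constants.rs has no unit or doc comment, and its value is also the default window in which cached authentication data can outlive a change made in the directory, such as disabling an account. I would add a doc comment above it, e.g. `/// Default cache lifetime in seconds; a disabled or removed account may still be answered from cache for up to this long.` The same caveat belongs in the `cache_timeout` entry of man/man5/himmelblau.conf.5, whose example still shows `cache_timeout = 10`, so that operators who need faster revocation know to lower the value. How the daemon consumes the constant is outside this diff, so the exact staleness bound should be confirmed against the cache code.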