Hi Ellie,
On Monday, February 28, 2022, at 12:53 AM, ellie timoney wrote:
"pts_module: ldap" in imapd.conf, I assume?
Yes.
If I change users group membership inside AD, ptloader doesn't pick the change up.What do you have set for ptscache_timeout? If you don't have it set, the default is 3 hours. Did you wait that long?
Yes, but not for all tests in the past.
The documentation for ptscache_timeout implies that it's only for the "afskrb" module, but I believe that might just be out of date (since the specific thing it references no longer exists). Skimming source, it looks like ptscache_timeout should apply regardless of which pts_module is in use.I can force picking up changes by expiring the cache (ptexpire -E0). Must I configure cache expiration inside cyrus.conf or should that work without explicit configuration?I don't think you should need to. But, if setting ptscache_timeout to a value you're happy with doesn't sort it out, then maybe scheduling ptexpire in cyrus.conf is the correct thing to do.Documentation is a bit poor here.Indeed! If ptscache_timeout fixes it, let me know and I can rewrite that ptscache_timeout documentation to be current. Cheers, ellie
I've changed ptscache_timeout to 600. But I'm not sure what it fixes.
Removing a user from a group removes the group from the user in the cache after five minutes. Adding a user to a group changes nothing in the cache. Logging a user off from cyrus changes nothing in the cache, the user persist for hours. ptexpire works perfect.
Adam
