AD User & Group Information Caching for Large Environments

From OSNEXUS Wiki
Jump to: navigation, search

Qs adcachetimeout.jpg

For configurations with large numbers (60K+) of users+groups we've seen it take many minutes to populate the cache so an alternative approach is needed for these configurations. That alternative caching approach to make QuantaStor work fast and efficiently in large environments is to provide the ability to create an on-disk cache of the AD user list and UID/GID mapping information that the QuantaStor service can use in lieu of scanning that information directly from AD.

In this mode where the on-disk AD cache is present, using the 'Search & Clear Cache' option from the web UI does not clear the on-disk AD cache. It can only be created, cleared, and updated using the qs-util command line utility adcache commands like so:

  • To generate/create the QuantaStor service on-disk AD cache
sudo qs-util adcachegenall
  • To clear all QuantaStor service on-disk AD cache information
sudo qs-util adcacheclearall

Here is the full list of on-disk AD cache management commands:

 Active Directory Commands
   qs-util adcachelistfiles         : List the files in the Active Directory cache.
   qs-util adcachegenall            : Generates a cache of Active Directory users and groups.
   qs-util adcacheclearall          : Clears a cache of Active Directory users and groups.
   qs-util adusercachegen           : Generates a cache of Active Directory users.
   qs-util adusercacheclear         : Clears a cache of Active Directory users.
   qs-util adgroupcachegen          : Generates a cache of Active Directory groups.
   qs-util adgroupcacheclear        : Clears a cache of Active Directory groups.

Note that when new users are added to your AD environment that the on-disk AD cache information with QuantaStor will be out of date. To correct this you'll need to run the command to update all the cache files using 'qs-util adcachegenall'. To automatically update the AD cache on a nightly basis it is recommended to set up a simple cron script like so:

echo "qs-util adcacheclearall" > /etc/cron.daily/adcacheupdate
echo "qs-util adcachegenall" >> /etc/cron.daily/adcacheupdate
chmod 755 /etc/cron.daily/adcacheupdate