User Authorization Cache

This week the CA Tip is on AZ Cache.

The Policy Server caching framework is something that I have struggled with a lot over the years. I seem to think of ‘front end cache’ and ‘back end cache’: FEC is the stuff that is cached between policy server & web agent and BEC is the stuff cached between the policy server & user stores. I generally don’t worry much about what the policy server caches of the actual policies. I think I think this way mostly because the policies I work with are generally fairly simple & I just assume everything is in cache. Also, problems only seem to occur if something is slow going back to the User Stores.

I find this comment in the article very telling:

Please note that if a policy is bound to a user name (or DN, OU, and O); the Authorization Cache is ineffective because in this case there is no need to search the directory in the first place

The distinction between CN or OU is very interesting.

Also, this seems very interesting to me:

a) the cache limit is reached 25% random entries are removed

I have posted to the forums to try to get more information on this.