@@ -126,6 +126,12 @@ Authentication Parameters
126126
127127.. parameter:: ldapUserCacheInvalidationInterval
128128
129+ .. versionchanged:: 5.2
130+
131+ .. note::
132+
133+ .. include:: /includes/LDAP-interval.rst
134+
129135 For use with MongoDB deployments using
130136 :ref:`security-ldap-external`. Available for :binary:`~bin.mongod`
131137 instances only.
@@ -144,6 +150,82 @@ Authentication Parameters
144150
145151 Defaults to 30 seconds.
146152
153+ .. parameter:: ldapUserCacheRefreshInterval
154+
155+ .. versionadded:: 5.2
156+
157+ |mongod-only|
158+
159+ *Type*: integer
160+
161+ *Default*: 30 seconds
162+
163+ .. note::
164+
165+ .. include:: /includes/LDAP-interval.rst
166+
167+ For MongoDB deployments using :ref:`security-ldap-external`.
168+
169+ The interval in seconds that :binary:`~bin.mongod` waits before
170+ refreshing the cached user information from the LDAP server.
171+
172+ The maximum interval is 86,400 seconds (24 hours).
173+
174+ For example, the following sets
175+ :parameter:`ldapUserCacheRefreshInterval` to ``4000`` seconds:
176+
177+ .. code-block:: bash
178+
179+ mongod --setParameter ldapUserCacheRefreshInterval=4000
180+
181+ Or, if using the :dbcommand:`setParameter` command within
182+ :binary:`~bin.mongosh`:
183+
184+ .. code-block:: javascript
185+
186+ db.adminCommand( { setParameter: 1, ldapUserCacheRefreshInterval: 4000 } )
187+
188+ .. parameter:: ldapUserCacheStalenessInterval
189+
190+ .. versionadded:: 5.2
191+
192+ |mongod-only|
193+
194+ *Type*: integer
195+
196+ *Default*: 90 seconds
197+
198+ For MongoDB deployments using :ref:`security-ldap-external`.
199+
200+ The interval in seconds that :binary:`~bin.mongod` retains the cached
201+ LDAP user information after the last cache refresh.
202+
203+ If more than :parameter:`ldapUserCacheStalenessInterval` seconds
204+ elapse without a successful refresh of the user information from the
205+ LDAP server, then :binary:`~bin.mongod`:
206+
207+ - Invalidates the cached LDAP user information.
208+
209+ - Is unavailable for LDAP users. LDAP users are unable to
210+ authenticate until :binary:`~bin.mongod` contacts the LDAP
211+ server.
212+
213+ The maximum interval is 86,400 seconds (24 hours).
214+
215+ For example, the following sets
216+ :parameter:`ldapUserCacheStalenessInterval` to ``4000`` seconds:
217+
218+ .. code-block:: bash
219+
220+ mongod --setParameter ldapUserCacheStalenessInterval=4000
221+
222+ Or, if using the :dbcommand:`setParameter` command within
223+ :binary:`~bin.mongosh`:
224+
225+ .. code-block:: javascript
226+
227+ db.adminCommand( { setParameter: 1, ldapUserCacheStalenessInterval: 4000 } )
228+
147229.. parameter:: ldapUseConnectionPool
148230
149231 .. versionadded:: 4.0.9
@@ -252,6 +334,30 @@ Authentication Parameters
252334 start-up, and cannot change this setting with the
253335 :dbcommand:`setParameter` database command.
254336
337+ .. parameter:: ldapShouldRefreshUserCacheEntries
338+
339+ .. versionadded:: 5.2
340+
341+ |mongod-only|
342+
343+ *Type*: boolean
344+
345+ *Default*: true
346+
347+ For MongoDB deployments using :ref:`security-ldap-external`.
348+
349+ .. include:: /includes/LDAP-interval.rst
350+
351+ You can only set :parameter:`ldapShouldRefreshUserCacheEntries`
352+ during startup in the :setting:`configuration file <setParameter>` or
353+ with the ``--setParameter`` option on the command line. For example,
354+ the following disables
355+ :parameter:`ldapShouldRefreshUserCacheEntries`:
356+
357+ .. code-block:: bash
358+
359+ mongod --setParameter ldapShouldRefreshUserCacheEntries=false
360+
255361.. parameter:: maxValidateMemoryUsageMB
256362
257363 .. versionadded:: 5.0
0 commit comments