@@ -130,6 +130,12 @@ Authentication Parameters
130130
131131.. parameter:: ldapUserCacheInvalidationInterval
132132
133+ .. versionchanged:: 5.2
134+
135+ .. note::
136+
137+ .. include:: /includes/LDAP-interval.rst
138+
133139 For use with MongoDB deployments using
134140 :ref:`security-ldap-external`. Available for :binary:`~bin.mongod`
135141 instances only.
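Review bot: the `.. versionchanged:: 5.2` directive added under ldapUserCacheInvalidationInterval has no body, so the rendered entry will say the parameter changed in 5.2 without saying how. Add a one-line description under the directive, for example how this interval relates to the refresh and staleness parameters added later in this change, rather than leaving the explanation entirely to the included /includes/LDAP-interval.rst note. An operator who tuned this value to bound how long cached LDAP user information is trusted cannot tell from this entry whether the setting still takes effect.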
@@ -148,6 +154,82 @@ Authentication Parameters
148154
149155 Defaults to 30 seconds.
150156
157+ .. parameter:: ldapUserCacheRefreshInterval
158+
159+ .. versionadded:: 5.2
160+
161+ |mongod-only|
162+
163+ *Type*: integer
164+
165+ *Default*: 30 seconds
166+
167+ .. note::
168+
169+ .. include:: /includes/LDAP-interval.rst
170+
171+ For MongoDB deployments using :ref:`security-ldap-external`.
172+
173+ The interval in seconds that :binary:`~bin.mongod` waits before
174+ refreshing the cached user information from the LDAP server.
175+
176+ The maximum interval is 86,400 seconds (24 hours).
177+
178+ For example, the following sets
179+ :parameter:`ldapUserCacheRefreshInterval` to ``4000`` seconds:
180+
181+ .. code-block:: bash
182+
183+ mongod --setParameter ldapUserCacheRefreshInterval=4000
184+
185+ Or, if using the :dbcommand:`setParameter` command within
186+ :binary:`~bin.mongosh`:
187+
188+ .. code-block:: javascript
189+
190+ db.adminCommand( { setParameter: 1, ldapUserCacheRefreshInterval: 4000 } )
191+
192+ .. parameter:: ldapUserCacheStalenessInterval
193+
194+ .. versionadded:: 5.2
195+
196+ |mongod-only|
197+
198+ *Type*: integer
199+
200+ *Default*: 90 seconds
201+
202+ For MongoDB deployments using :ref:`security-ldap-external`.
203+
204+ The interval in seconds that :binary:`~bin.mongod` retains the cached
205+ LDAP user information after the last cache refresh.
206+
207+ If more than :parameter:`ldapUserCacheStalenessInterval` seconds
208+ elapse without a successful refresh of the user information from the
209+ LDAP server, then :binary:`~bin.mongod`:
210+
211+ - Invalidates the cached LDAP user information.
212+
213+ - Is unavailable for LDAP users. LDAP users are unable to
214+ authenticate until :binary:`~bin.mongod` contacts the LDAP
215+ server.
216+
217+ The maximum interval is 86,400 seconds (24 hours).
218+
219+ For example, the following sets
220+ :parameter:`ldapUserCacheStalenessInterval` to ``4000`` seconds:
221+
222+ .. code-block:: bash
223+
224+ mongod --setParameter ldapUserCacheStalenessInterval=4000
225+
226+ Or, if using the :dbcommand:`setParameter` command within
227+ :binary:`~bin.mongosh`:
228+
229+ .. code-block:: javascript
230+
231+ db.adminCommand( { setParameter: 1, ldapUserCacheStalenessInterval: 4000 } )
232+
151233.. parameter:: ldapUseConnectionPool
152234
153235 .. versionadded:: 4.0.9
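Review bot: the ldapUserCacheRefreshInterval example sets the value to 4000 while ldapUserCacheStalenessInterval defaults to 90, and the staleness text ("If more than ldapUserCacheStalenessInterval seconds elapse without a successful refresh ...") reads as though that combination invalidates the cache and leaves LDAP users unable to authenticate between refreshes. State the required relationship between the two intervals in both entries, and have the examples either set both parameters together or use values that are safe against the other parameter's default. Both entries give the 86,400 second maximum but no minimum or behaviour at 0. The ldapUserCacheStalenessInterval entry also omits the /includes/LDAP-interval.rst note that the refresh entry carries, and it should say that a larger value lengthens the time cached LDAP user information is retained when the LDAP server cannot be reached.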
@@ -256,6 +338,30 @@ Authentication Parameters
256338 start-up, and cannot change this setting with the
257339 :dbcommand:`setParameter` database command.
258340
341+ .. parameter:: ldapShouldRefreshUserCacheEntries
342+
343+ .. versionadded:: 5.2
344+
345+ |mongod-only|
346+
347+ *Type*: boolean
348+
349+ *Default*: true
350+
351+ For MongoDB deployments using :ref:`security-ldap-external`.
352+
353+ .. include:: /includes/LDAP-interval.rst
354+
355+ You can only set :parameter:`ldapShouldRefreshUserCacheEntries`
356+ during startup in the :setting:`configuration file <setParameter>` or
357+ with the ``--setParameter`` option on the command line. For example,
358+ the following disables
359+ :parameter:`ldapShouldRefreshUserCacheEntries`:
360+
361+ .. code-block:: bash
362+
363+ mongod --setParameter ldapShouldRefreshUserCacheEntries=false
364+
259365.. parameter:: maxValidateMemoryUsageMB
260366
261367 .. versionadded:: 5.0
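Review bot: the ldapShouldRefreshUserCacheEntries entry never says what the parameter does; it gives the type, the default of true, an include, and how to set it, and the example disables it without describing the resulting behaviour. Add a sentence before the include stating what mongod does with cached LDAP user information when the value is true and when it is false, and which of the interval parameters applies in each case. The include here is also placed directly in the body, whereas the other two uses of /includes/LDAP-interval.rst in this change wrap it in `.. note::`; pick one form for consistency.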