02-18-2016 01:39 AM - edited 02-18-2016 01:48 AM
Does anyone see a problem with setting the Cache Timeout to 0 - 300s? What we are trying to achieve is only allowing users connect to wifi if they badge in using their campus ID card. We want to utilize CPPM and its functionality to search AD/LDAP attributes.
So we would want to achieve the following:
- When student arrives on campus, they will badge in with their ID.
- The ID software will then update an attribute in ActiveDirectory/LDAP, "pager" and will change it to say 1, so that we know that this user has tapped into the system and is on campus.
- CPPM Rules:
- If user is a "student" AND "pager = 1" then user can connect. (User is a student and has badged in)
- If user is a "student" AND "pager is not 1" then user can't connect. (User is a student but has not badged in, no wifi)
- I've tested a trial run in our Test environment, with CPPM, I have two authentication sources from Active Directory.
- Authentication Source: AD Server 1, with cache timeout set to it's default 36000s. This will be for main authentication
- Authentication Source: AD Server 2, which is looking for a change in the "pager" attribute., with cache timeout set to 0-300s
I know I can do all of this using one authentication source with a very low Cache Timout, but I'm just not sure if the load will be too great? We would hypothetically have 1500 users authenticating at peak hours or beginning of the day.
Any recommended settings would be appreciated? My main worry is if CPPM could handle that load?
02-18-2016 01:42 AM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
02-18-2016 01:51 AM
Thanks for the quick reply Troy.
We are on a single 5K -VM Appliance. So we are only a fraction of the type of environment you are mentioning. But that is comforting to know that CPPM can do this. We wiil most likely bump up the specs on our Authentiaction servers to handle the load.