There two different things here to distinguish:
- Backend Cache (which is now configurable since SG 15 and ES >= 5.4.3)
This cache exists to avoid hitting every backend for each auth request. Thats especially helpful with remote backend like LDAP where a network connection needs to be established.
So if you modifiy or delete a user in an auth backend it can took the configured ttl (default 60 min) until your changes are reflected within SG. But you can always force a invalidation of this cache (see below) or switch it off by setting ttl = 0
- The configuration cache of SG
Search Guard stores all of its configuration in a special index. Upon node startup it loads the config from this index into memory. If you change the contents in the index the changes are not automatically reflected into memory.
You need to issue a "configuration update" request to load the current config from the index into memory (and make it effective). This "update" does also clear the "Backend cache" discussed above.
You can trigger a "configuration update" (and Backend Cache invalidation):
- By restarting a node (but thats not a good solution is its solely to update the configs/clear backend cache)
- Run sgadmin with the -rl or --reload option
- Via the /_searchguard/api/cache REST endpoint (this needs the REST mngt. module to be installed:
https://github.com/floragunncom/search-guard-docs/blob/master/managementapi.md)
We recommend to use sgadmin for config updates because its the default tool/prodecure and there is always a automatic config update/backend refresh executed.
If you need to do it via curl/HTTPS then use the REST management module/api:
https://github.com/floragunncom/search-guard-rest-api
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
search-guard...@googlegroups.com.
> To post to this group, send email to
search...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/search-guard/d8ca9aa4-a5a7-4b26-8150-f9ecc59ca049%40googlegroups.com.