Issue

How to LDAP plugin works on CJOC with SSO.

Environment

CloudBees Jenkins Operations Center
CloudBees Jenkins Enterprise

Resolution

When does the Client Master caches the LDAP data?

Always.

Which LDAP data is cached? Every user or just the ones that logged in?

The users and groups that Jenkins has queried. In case you selected Single Sign On in JE there is no cache as the auth is done on CJOC, so caching will only start on CJE once CJOC is dead and CJE uses the fallback. The CJE will connect to the LDAP server as a fallback and then it will cache these responses in the LDAP lookup. When CJOC comes back it will no longer query the ldap server.

How long is data usually cached?

This depends on the configuration you do in the ldap-plugin under the TTL field.

What happens with the ldap cache once CJOC is down?

The ldap cache is empty at the point CJOC dies, so the cache will start on this moment on the CJE instance.