Automating Directory Service Cache Rebuild

Hi All,

I have successfully integrated my TrueNAS-13.0-U5.3 system with an Active Directory Windows server. Currently, every time a new user or group is added in Active Directory, I have to manually click on “Rebuild Directory Service Cache” in TrueNAS to reflect these changes.

I am seeking a method to automate this cache rebuilding process. Ideally, I would like to set up a cron job that triggers this action every 5 minutes. However, when I tried using the command midclt call directoryservices.cache_refresh, it did not update the NAS users and groups as expected.

I have explored the TrueNAS interface and documentation for any feature or parameter that could allow for automatic rebuilding of the directory service cache, but I found nothing applicable.

Additionally, I am considering disabling the directory service cache altogether but am unsure of the potential impacts on my NAS performance and functionality. Unfortunately, I have not found a way to temporarily disable the directory service cache to assess the impacts.

Could anyone provide insights or share experiences regarding the automation of cache rebuilding, or the implications of disabling the cache in TrueNAS?

Thanks in advance for your help!

This is just a UI cache for users / groups. Rebuilding it every 5 minutes would generate load on your DC and winbindd for no real benefit. There’s a reason we rebuild once every 24 hours. The cache is only a convenience feature; you can still manually type in user / group names if for some reason they aren’t populated.

Thank you for your reply. I understand the concern about system load, but my scenario involves using TrueNAS’s API to automate ACL settings based on AD group, which requires up-to-date group GIDs.

Why Frequent Updates Are Necessary:

  • API Dependency: Our system automatically updates ACLs through the API, needing current GIDs immediately after groups are created in AD.

  • Operational Efficiency: Delay in cache updates can cause ACL updates to fail, as the API cannot retrieve the GID of the latest groups.

Considerations:

  • Manual group entry is not viable for our automated processes.
  • We need a more frequent refresh during operational hours or a mechanism to trigger refreshes based on specific AD changes.

Could you suggest any optimized approaches or configurations in TrueNAS that might support more selective or event-driven cache refreshes?

Thanks again for your support.

If you already know what groups you need, you can call group.get_group_obj for the group/gid in question. There’s no need to use the query API / cache.

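The single-group lookup suggested in the reply above, as an added example that is not part of the original thread or TrueNAS's own code: it asks the middleware for one group's GID through `midclt call group.get_group_obj` and retries a bounded number of times instead of rebuilding the whole cache. The `groupname` argument key, the `gr_gid` reply key, the retry settings and the sample group name are assumptions.

```python
import json
import subprocess
import time


def midclt_call(method, *args):
    """Run `midclt call <method> <json args...>` and return the decoded JSON reply."""
    cmd = ["midclt", "call", method] + [json.dumps(a) for a in args]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def resolve_gid(groupname, call=midclt_call, attempts=5, delay=2.0, sleep=time.sleep):
    """Return the GID for one AD group, asking the middleware directly.

    Retries a bounded number of times because a group created seconds ago
    may not be resolvable yet; raises LookupError if it never appears, so
    the ACL step is skipped rather than applied with a wrong or missing GID.
    """
    last_error = None
    for attempt in range(attempts):
        try:
            # Assumed argument and reply keys: "groupname" in, "gr_gid" out.
            reply = call("group.get_group_obj", {"groupname": groupname})
            return int(reply["gr_gid"])
        except (subprocess.CalledProcessError, KeyError, TypeError, ValueError) as exc:
            last_error = exc
            if attempt < attempts - 1:
                sleep(delay)
    raise LookupError(f"{groupname!r} not resolvable after {attempts} tries: {last_error}")


if __name__ == "__main__":
    import sys

    # Usage on the NAS (constructed group name): resolve_gid.py 'EXAMPLE\storage-admins'
    print(resolve_gid(sys.argv[1]))
```

The returned GID can be passed straight to the ACL call, since the ACL APIs are GID based.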

For that matter, the ACL APIs don’t use names at all. It’s GID based and orthogonal to group caching.


Thank you for your answer.

I discovered the command “midclt call dscache.refresh” which effectively refreshes the directory services cache. Instead of setting up a new cron job to frequently update the cache, I’ve written a small script that executes this command only when a new group is created via the NAS API. This approach allows me to refresh the cache as needed, specifically to fetch the ID of the newly created group for ACL applications.