Hi all,

I was testing a few things about the cache and here is my understanding; please correct me if I'm wrong:

1) cache_credentials option
Turning it on will allow offline authentication.

Testing 1:
        Turn cache_credentials on; all other timeout values remain default.

        Change the password on LDAP, try to authenticate again, and it immediately asked for the new password.

From the test result, I'm assuming that if the LDAP server is online, this credentials cache won't be used, correct? So this cache here is only for "high availability" but has nothing to do with "high performance". This confused me a bit, as I always think of a cache as a mechanism for high performance.

2) entry_cache_nowait_percentage and entry_cache_timeout options

Testing 2:
       I set the timeout to 60 seconds; the percentage remains default.

       I moved one user from group1 to group2 on LDAP, but when I did an "id user" on the client, it was still showing the old data.

So this cache is for user identities, and it's for "high performance". Correct?

And are there any materials which cover all the SSSD caching stuff?


Thanks,
Aaron