Maybe it is actually simpler than that. Invalidating the cache as a
whole probably never makes sense. In fact there are two reasons for
invalidation:
- The pw_name, pw_shell, pw_home, pw_gecos settings for a user changed.
- The interface to the DC was broken and there are entries of the type
Achim mentioned, "DOM+User(RID)".
The first case can only be fixed by invalidating the cache on a regular
basis. If we didn't fetch the info for a user for, say, 5 minutes, drop
the entry from the cache and renew the information by asking the DC
again.
As for the second case, the DOM+User(RID) entries are undesired and
wrong anyway. So maybe the caching code could do what you said in the
first place. Invalidate the cache on every network change. But then,
only invalidate the entries of the aforementioned type.
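
The two invalidation cases described in this message, as an added example (not code from the original message or from Cygwin). The struct and function names, the slot count and the `fallback` flag marking "DOM+User(RID)" entries are assumptions made for illustration.

```c
/* Added example: all names here are hypothetical, not Cygwin's cache code. */
#include <stdio.h>
#include <string.h>
#include <time.h>
#define CACHE_SLOTS 8
#define CACHE_TTL   300   /* "say, 5 minutes", in seconds */
struct pw_entry {
    int    used;
    int    fallback;      /* 1 = "DOM+User(RID)" entry made while the DC was unreachable */
    time_t fetched;       /* when the DC was last asked for this user */
    char   sid[64];       /* lookup key */
    char   pw_name[64];
};
static struct pw_entry cache[CACHE_SLOTS];

/* Store or overwrite the entry for sid; returns 0, or -1 if the cache is full. */
int cache_put(const char *sid, const char *name, int fallback, time_t now)
{
    struct pw_entry *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].used && strcmp(cache[i].sid, sid) == 0) { slot = &cache[i]; break; }
        if (!cache[i].used && !slot) slot = &cache[i];
    }
    if (!slot) return -1;
    slot->used = 1; slot->fallback = fallback; slot->fetched = now;
    snprintf(slot->sid, sizeof slot->sid, "%s", sid);
    snprintf(slot->pw_name, sizeof slot->pw_name, "%s", name);
    return 0;
}

/* Case 1: an entry older than the TTL is dropped, so the caller asks the DC again. */
const char *cache_get(const char *sid, time_t now)
{
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (!cache[i].used || strcmp(cache[i].sid, sid) != 0) continue;
        if (now - cache[i].fetched >= CACHE_TTL) { cache[i].used = 0; return NULL; }
        return cache[i].pw_name;
    }
    return NULL;
}

/* Case 2: on a network change drop only the fallback entries; returns how many. */
int cache_on_network_change(void)
{
    int dropped = 0;
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && cache[i].fallback) { cache[i].used = 0; dropped++; }
    return dropped;
}
```

A NULL return from `cache_get` means the caller has to query the DC and store the result again with `cache_put`.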