Tuning federated LDAP repositories in Liberty

You can improve the performance of the federated LDAP repositories by monitoring and adjusting the cache and the context pool elements in the server.xml file.

About this task

Caching the query results of the LDAP repositories saves time, because the data does not need to be retrieved from the back-end server every time an LDAP operation is performed. The LDAP cache attributes are stored in the <ldapCache> element for quicker access. You must monitor the status of the cache and adjust the cache control parameters to improve its performance. You can also adjust the context pooling parameters to improve the performance of concurrent access to the LDAP servers.

Procedure

  • Configure the <ldapCache> element in the server.xml file.
    Specify the LDAP cache control parameters to improve the performance:
    attributesCache
    <size>: Specifies the number of entities that are stored in the cache. Increase the size of the cache based on your business requirements, for example, when a business scenario requires more entities.
    <timeout>: Specifies how long the results can be cached before they are invalidated. If the back-end LDAP data is refreshed frequently, set a shorter timeout value to keep the cache up to date.
    <sizeLimit>: Specifies the maximum number of LDAP attributes per entity that can be stored in the cache. If an entity is associated with many attributes, increase the <sizeLimit> value.
    searchResultSizeLimit
    Specifies the maximum number of search results that can be stored in the cache. Use the parameters in the <searchResultSizeLimit> element to tune the search results that are returned as part of the query.
  • Configure the <contextPool> element parameters in the server.xml file to improve the performance of concurrent access to an LDAP server.
    You can adjust the following parameters in the <contextPool> element to tune the context pool:
    contextPool
    <initialSize>: Specifies the initial size of the context pool. The value must be set based on the load on the repository. If the initial number of requests to the LDAP server is expected to be high, increase the value of the initial size.
    <maxSize>: Specifies the maximum context pool size. The value must be set based on the load on the repository. If you want to restrict the number of connections to the LDAP server, then set the value of the <maxSize> element to less than half of the maximum number of connections that the LDAP server can handle.
    <timeout>: Specifies the duration after which the context pool times out. Specify a shorter timeout value so that fresh connections are made to the LDAP server after the specified duration elapses. For example, if established connections are timed out after a configured interval, set a duration that is shorter than the firewall timeout so that the connection is re-established.
    <waitTime>: Specifies the waiting time before the context pool times out. If the value specified is high, then the time that is taken to establish a connection to the LDAP server is increased accordingly.

    For more information about the <ldapCache> and <contextPool> elements, see LDAP User Registry.
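
    The following check is an added example, not IBM code. It reads a server.xml file and flags <contextPool> settings that break the <maxSize> and <timeout> guidance above. It assumes the parameters are written as attributes of a <contextPool> element nested in an <ldapRegistry> element; the sample file, the function names, the connection limit and the firewall timeout are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (host, baseDN and all values are made up).
SAMPLE_SERVER_XML = """
<server>
  <ldapRegistry id="ldap" host="ldap.example.com" port="636" baseDN="o=example">
    <ldapCache>
      <attributesCache size="4000" timeout="20m" sizeLimit="2000"/>
    </ldapCache>
    <contextPool initialSize="5" maxSize="60" timeout="45m" waitTime="3000ms"/>
  </ldapRegistry>
</server>
"""

_UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}

def duration_seconds(text):
    """Convert a duration with explicit units, such as '45m' or '1m30s', to seconds."""
    parts = re.findall(r"(\d+)(ms|[dhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text.strip():
        raise ValueError(f"duration needs explicit units: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def check_context_pools(xml_text, ldap_max_connections, firewall_idle_timeout):
    """Return one finding per violated guideline for each <contextPool>."""
    idle_limit = duration_seconds(firewall_idle_timeout)
    findings = []
    for registry in ET.fromstring(xml_text).iter("ldapRegistry"):
        rid = registry.get("id", "?")
        for pool in registry.iter("contextPool"):
            # Assumption: a missing or zero maxSize means "no limit".
            max_size = int(pool.get("maxSize", "0"))
            if max_size == 0 or max_size >= ldap_max_connections / 2:
                findings.append(f"{rid}: maxSize={max_size} is not below half of "
                                f"{ldap_max_connections} server connections")
            # Assumption: a missing or zero timeout means pooled contexts never expire.
            timeout = duration_seconds(pool.get("timeout", "0s"))
            if timeout == 0 or timeout >= idle_limit:
                findings.append(f"{rid}: pool timeout is not shorter than the "
                                f"firewall timeout of {firewall_idle_timeout}")
    return findings

if __name__ == "__main__":
    # Constructed limits: LDAP server accepts 100 connections, firewall drops idle ones after 30m.
    for finding in check_context_pools(SAMPLE_SERVER_XML, 100, "30m"):
        print(finding)
```

    Supply the connection limit of your LDAP server and the idle timeout of any firewall on the path; neither value can be read from server.xml.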