You can improve the performance of the federated LDAP repositories by monitoring and
adjusting the cache and the context pool elements in the server.xml file.
About this task
The cached query results of the LDAP repositories save time, because the data need not be
retrieved from the back-end server every time an LDAP operation is performed. The LDAP cache
attributes are stored in the <ldapCache> element for quicker access. You must monitor the status
of the cache and adjust the cache control parameters to improve the performance of the cache. The
context pooling parameters can be adjusted to improve the performance of concurrent accesses to the
LDAP servers.
Procedure
- Configure the <ldapCache> element in the server.xml file.
Specify the LDAP cache control parameters to improve the performance:
- attributesCache
- <size>: Specifies the number of entities that are stored in the cache. You can increase the
size of the cache based on your business requirement, for example, if a business scenario
requires more entities.
- <timeout>: Specifies how long the results can be cached before they are invalidated. If the
back-end LDAP data is refreshed frequently, set a shorter timeout value so that the cache
stays up to date.
- <sizeLimit>: Specifies the maximum number of LDAP attributes per entity that can be stored in
the cache. If an entity is associated with many attributes, increase the <sizeLimit> value.
- searchResultSizeLimit
- Specifies the maximum number of search results that can be stored in the cache. Use the
parameters in the <searchResultSizeLimit> element to tune the search results that are returned as
part of the query.
- Configure the <contextPool> element parameters in the server.xml file
to improve the performance of concurrent access to an LDAP server.
You can adjust the following parameters in the <contextPool> element to control the context pool:
- contextPool
- <initialSize>: Specifies the initial size of the context pool. The value must be set based on
the load on the repository. If the initial number of requests to the LDAP server is expected to be
high, increase the value of the initial size.
- <maxSize>: Specifies the maximum context pool size. The value must be set based on the load
on the repository. If you want to restrict the number of connections to the LDAP server, then set
the value of the <maxSize> element to less than half of the maximum number of connections that
the LDAP server can handle.
- <timeout>: Specifies the duration after which the context pool times out. Specify a shorter
timeout value so that fresh connections can be made to the LDAP server after the specified duration
has elapsed. For example, if a firewall times out established connections after a configured
interval, set the timeout to a shorter duration than the firewall timeout so that the connection
is re-established.
- <waitTime>: Specifies the waiting time before the context pool times out. If the value
specified is high, then the time that is taken to establish a connection to the LDAP server is
increased accordingly.
For more information about the <ldapCache> and <contextPool> elements, see LDAP User Registry.
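
The <maxSize> and <timeout> guidance above can be checked mechanically before a server.xml change is deployed. The following Python check is an added example, not part of the original documentation. It assumes that the context pool settings are written as attributes of a <contextPool> child of <ldapRegistry> and that a value of 0 means "no limit"; the registry ids, host names, connection limit and firewall timeout are constructed values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the page: two registries, one mis-tuned.
SAMPLE_SERVER_XML = """
<server>
  <ldapRegistry id="corp" host="ldap1.example.com" port="636">
    <contextPool initialSize="5" maxSize="40" timeout="10m" waitTime="3000ms"/>
  </ldapRegistry>
  <ldapRegistry id="partners" host="ldap2.example.com" port="636">
    <contextPool initialSize="5" maxSize="80" timeout="2h" waitTime="3000ms"/>
  </ldapRegistry>
</server>
"""

_UNIT_SECONDS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600}

def duration_seconds(text):
    """Convert a duration such as '3000ms', '10m' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)(ms|h|m|s)", text)
    if not parts or "".join(n + u for n, u in parts) != text.strip():
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in parts)

def check_context_pools(server_xml, ldap_max_connections, firewall_idle_s):
    """Return (registry id, message) findings for the maxSize and timeout rules."""
    findings = []
    for reg in ET.fromstring(server_xml).iter("ldapRegistry"):
        rid = reg.get("id", "<no id>")
        pool = reg.find("contextPool")
        if pool is None:
            findings.append((rid, "no contextPool element; defaults apply"))
            continue
        # Assumption: a missing or zero value means "no limit", so it is flagged.
        max_size = int(pool.get("maxSize", "0"))
        if max_size == 0 or max_size >= ldap_max_connections / 2:
            findings.append((rid, f"maxSize={max_size} is not below half of "
                                  f"{ldap_max_connections} server connections"))
        timeout_s = duration_seconds(pool.get("timeout", "0s"))
        if timeout_s == 0 or timeout_s >= firewall_idle_s:
            findings.append((rid, f"timeout={timeout_s:g}s is not shorter than "
                                  f"the {firewall_idle_s:g}s firewall timeout"))
    return findings

if __name__ == "__main__":
    for rid, msg in check_context_pools(SAMPLE_SERVER_XML, 100, 3600):
        print(f"{rid}: {msg}")
```
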