Tuning the access to the LDAP server

Configure the pooling parameters to improve the performance of concurrent access to an LDAP server.

Virtual member manager supports two pooling mechanisms for LDAP repositories:

Connection pooling

The connection pooling mechanism is provided by the Java Runtime Environment (JRE) at the Java Naming and Directory Interface (JNDI) layer.

You can enable or disable connection pooling for each LDAP repository configured in virtual member manager. In the WebSphere Application Server administrative console, on the Global security > Federated repositories > Manage repositories > repository_name page, select the Use connection pooling option to enable the connection pooling mechanism. For information about accessing this page, read about Increasing the performance of the federated repository configuration in the WebSphere Application Server information center.

After you enable connection pooling, use the connection pooling settings to specify how the JNDI layer handles pooling. In the administrative console, use the Application servers > server_name > Process definition > Java Virtual Machine page to configure Java virtual machine (JVM) settings and specify the Generic JVM arguments. For information about accessing this page, read about Configuring the JVM in the WebSphere Application Server information center.

These settings affect all applications running on the server, not just virtual member manager. For more information about the properties used by the JNDI layer to configure the pool settings, read about Connection Pooling Configuration (http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html) on the Sun website.

Context pooling

Virtual member manager uses the context pooling mechanism to improve the performance of concurrent access to an LDAP server.

Context pooling works at a higher level than connection pooling. Each context entry in the context pool corresponds to a socket connection to the LDAP server. The bind credentials used by this pool are specified when configuring the LDAP repository.

In the administrative console, on the Global security > Federated repositories > Manage repositories > repository_name page, select the Enable context pool option to enable the context pooling mechanism and specify values for the context pool parameters. For more information on configuring context pooling through the administrative console, read about Lightweight Directory Access Protocol performance settings in the WebSphere Application Server information center.

You can also use the setIdMgrLDAPContextPool command to set the values for the context pool parameters. For more information about setting the context pooling parameters, read about the setIdMgrLDAPContextPool command of the IdMgrRepositoryConfig command group for the AdminTask object in the WebSphere Application Server information center.

Performance tuning

As context pooling has the same benefit as connection pooling, it is not necessary to enable connection pooling. By default, connection pooling is disabled in virtual member manager.

Enabling both context and connection pools may not provide any added performance benefit, and may produce adverse effects when performing concurrent authentications.

Most operations, such as create, search, update, or delete, are performed using an available context (DirContext) from the context pool. Each context is associated with one socket connection (when connection pooling is disabled). For these operations, the maximum number of sockets that virtual member manager opens against the LDAP server does not exceed the value specified for the maximum pool size parameter.

Concurrent authentications

Virtual member manager does not use the context pool to authenticate a user. Instead, it binds with the distinguished name and password of the authenticating user. When authenticating different users, this forces the JNDI layer to create a new socket connection for each authentication. If connection pooling is disabled, the socket is closed immediately after the authentication is completed. However, if connection pooling is enabled, the socket remains open until it times out. Therefore, if your application performs concurrent authentication, you must disable connection pooling to prevent the number of sockets that virtual member manager opens against the LDAP server from exceeding the capability of the server.

The maximum number of socket connections that virtual member manager opens for all operations (including authentications) is the value specified in maximum pool size plus the number of concurrent authentications. For example, if 250 clients log in and perform a search simultaneously, then 250 new sockets are opened to perform the authentication, in addition to the 250 sockets that are taken from the context pool to perform the search. The total number of sockets at this time may reach 500, but after the authentications are completed, the 250 new sockets that were opened for the authentication are closed, if connection pooling is disabled. If connection pooling is enabled, the 250 new sockets remain open until they time out.
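The socket arithmetic above, extended from one burst of logins to several, as an added example (not IBM code) for sizing the load on the LDAP server. The `Login` type, the wave timings, the bind duration and the 300-second idle timeout are assumed values, and every login is taken to be a distinct user.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Login:
    start: float      # second at which the user bind opens its socket
    bind_time: float  # seconds the bind takes to complete


def constructed_logins(waves, users_per_wave, gap, bind_time):
    """Constructed sample input: bursts of distinct users, `gap` seconds apart."""
    return [Login(w * gap, bind_time)
            for w in range(waves) for _ in range(users_per_wave)]


def peak_open_sockets(logins, max_pool_size, searches_in_flight,
                      connection_pooling, idle_timeout):
    """Peak sockets open against the LDAP server.

    Context-pool sockets are capped at max_pool_size. Each authentication
    adds one socket, closed when the bind completes if connection pooling
    is disabled, or idle_timeout seconds later if it is enabled.
    """
    pool_sockets = min(searches_in_flight, max_pool_size)
    events = []
    for login in logins:
        close_at = login.start + login.bind_time
        if connection_pooling:
            close_at += idle_timeout  # socket lingers until it times out
        events.append((login.start, +1))
        events.append((close_at, -1))
    # Tuple ordering puts a close (-1) before an open (+1) at the same instant.
    events.sort()
    open_now = peak = 0
    for _, delta in events:
        open_now += delta
        peak = max(peak, open_now)
    return pool_sockets + peak


if __name__ == "__main__":
    # Three bursts of 250 logins, one minute apart, each followed by a search.
    logins = constructed_logins(3, 250, 60.0, 0.5)
    for pooling in (False, True):
        peak = peak_open_sockets(logins, 250, 250, pooling, 300.0)
        print(f"connection pooling={pooling}: peak sockets = {peak}")
```

With connection pooling disabled the peak stays at the 500 sockets of the single-burst case; with it enabled, sockets from earlier bursts are still open when the next burst arrives, so the peak grows with the login rate and the timeout.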

The default values for context pooling are suitable for most environments. Use the following context pool settings for performance tuning, assuming that connection pooling is disabled:



(C) Copyright IBM Corporation 2010. All Rights Reserved.
IBM virtual member manager 6.1