Tuning federated LDAP repositories in Liberty

We can improve the performance of the federated LDAP repositories by monitoring and adjusting the cache and the context pool elements in server.xml.

Caching the query results of the LDAP repositories saves time, because the data need not be retrieved from the back-end server every time an LDAP operation is performed. The LDAP cache settings are held in the <ldapCache> element. Monitor the status of the cache and adjust the cache control parameters to improve its performance. The context pooling parameters can be adjusted to improve the performance of concurrent access to the LDAP servers.

  • Configure the <ldapCache> element in server.xml.

    Specify the LDAP cache control parameters to improve the performance:

      attributesCache

      <size>: Number of entities that are stored in the cache. Increase the size of the cache based on your business requirements, for example, when a business scenario requires more entities.

      <timeout>: Specifies how long the results can be cached before they are invalidated. If the back-end LDAP data is refreshed frequently, set a shorter timeout value so that the cache stays up to date.

      <sizeLimit>: Maximum number of LDAP attributes per entity that can be stored in the cache. If an entity is associated with many attributes, increase the <sizeLimit> value.

      searchResultSizeLimit

      Maximum number of search results that can be stored in the cache. Use the parameters in the <searchResultSizeLimit> element to tune the search results that are returned as part of the query.

  • Configure the <contextPool> element parameters in server.xml to improve the performance of concurrent access to an LDAP server. We can adjust the following parameters in the <contextPool> element to control the context pool:

      contextPool

      <initialSize>: Initial size of the context pool. The value must be set based on the load on the repository. If the initial number of requests to the LDAP server is expected to be high, increase the value of the initial size.

      <maxSize>: Maximum context pool size. The value must be set based on the load on the repository. To restrict the number of connections to the LDAP server, set the value of the <maxSize> element to less than half of the maximum number of connections that the LDAP server can handle.

      <timeout>: Specifies the duration after which the context pool times out. Specify a shorter timeout value so that fresh connections are made to the LDAP server after the specified duration elapses. For example, if established connections are timed out after a configured interval, set a duration shorter than the firewall timeout so that the connection is re-established.

      <waitTime>: Waiting time before the context pool times out. If the value specified is high, the time that is taken to establish a connection to the LDAP server increases accordingly.

    For more information about the <ldapCache> and <contextPool> elements, see LDAP User Registry.
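
    The two <contextPool> sizing rules above (maxSize below half of the LDAP server's connection limit, timeout shorter than the firewall timeout) can be checked against a server.xml before deployment. The following is an added example, not code from the Liberty documentation. It assumes the parameters are written as attributes of <contextPool> inside <ldapRegistry>; the sample XML, the connection limit and the firewall timeout are constructed values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (hosts and values are made up).
SAMPLE_SERVER_XML = """
<server>
  <ldapRegistry id="corp" host="ldap1.example.test" port="636" baseDN="o=example">
    <contextPool initialSize="5" maxSize="400" timeout="3600s" waitTime="3000ms"/>
  </ldapRegistry>
  <ldapRegistry id="partners" host="ldap2.example.test" port="636" baseDN="o=partners">
    <contextPool initialSize="2" maxSize="40" timeout="5m" waitTime="3000ms"/>
  </ldapRegistry>
</server>
"""

_UNITS = {"h": 3600.0, "m": 60.0, "s": 1.0, "ms": 0.001}

def to_seconds(value):
    """Convert a duration such as '3000ms', '5m' or '1m30s' to seconds.
    Assumption: a bare number is read as seconds."""
    parts = re.findall(r"(\d+)(ms|h|m|s)?", value.strip())
    return sum(int(n) * _UNITS[u or "s"] for n, u in parts)

def check_context_pools(xml_text, ldap_max_connections, firewall_timeout_s):
    """Return (registry id, finding) pairs for pools that break the two rules.
    ldap_max_connections and firewall_timeout_s describe the environment and
    must be supplied by the operator; they are not read from server.xml."""
    findings = []
    for reg in ET.fromstring(xml_text).iter("ldapRegistry"):
        pool = reg.find("contextPool")
        if pool is None:
            continue
        rid = reg.get("id", "?")
        max_size = int(pool.get("maxSize", "0"))
        timeout = to_seconds(pool.get("timeout", "0s"))
        # Assumption: 0 means "unlimited" for maxSize and "never expire" for timeout.
        if max_size == 0 or max_size >= ldap_max_connections / 2:
            findings.append((rid, "maxSize is not below half of the LDAP connection limit"))
        if timeout == 0 or timeout >= firewall_timeout_s:
            findings.append((rid, "timeout is not shorter than the firewall timeout"))
    return findings

if __name__ == "__main__":
    # Constructed environment: LDAP server accepts 500 connections, firewall drops after 30 min.
    for rid, msg in check_context_pools(SAMPLE_SERVER_XML, 500, 1800):
        print(f"{rid}: {msg}")
```

    An unbounded or oversized pool lets one Liberty server consume the directory's connection budget, so a finding on maxSize is an availability concern for every other client of that LDAP server.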