Search and LDAP control properties
Search and LDAP control properties are used to configure search strategy and LDAP control.
For more information about setting these parameters for your environment, see the tuning guide provided for IBM Security Identity Manager.
Properties used to configure search strategy and LDAP control.
enrole.search.sss.enable Do not modify this property key and value.
Specifies whether Server Side Sorting is used for searches of the directory server. Enabling server-side sorting with this property can have a large negative impact when you view large organizational units. It is suggested that you disable this option in most environments.
Example (default).
enrole.search.sss.enable=falseenrole.search.vlv.enable Do not modify this property key and value.
Specifies whether Virtual List View (VLV) is used for all return data from the directory server. This property can be enabled only when supported by the directory server. This option reduces the memory load on the application server but places a significant load on the LDAP server.
Example (default).
enrole.search.vlv.enable=falseenrole.search.paging.enable Do not modify this property key and value.
Specifies whether Paged Sorting is used for searches of the directory server. This option reduces the memory load on the application server. Enabling it is not suggested because the directory server might place a limit on the number of outstanding paged searches.
Example (default).
enrole.search.paging.enable=falseenrole.search.paging.pagesize Do not modify this property key and value.
Specifies the page size used for paged LDAP searches when enrole.search.paging.enable=true.
Example (default).
enrole.search.paging.pagesize=128enrole.search.cache.enable Do not modify this property key and value.
Specifies the use of cached searching to speed up LDAP searches.
Example (default).
enrole.search.cache.enable=trueenrole.search.cache.secondary.enable Do not modify this property key and value.
Specifies the use of secondary cached searching to speed up LDAP searches.
Example (default).
enrole.search.cache.secondary.enable=trueenrole.search.cache.secondary.filter.1 Do not modify this property key and value.
Use a filter fragment for people to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.
Example (default).
enrole.search.cache.secondary.filter.1=ou=peopleenrole.search.cache.secondary.filter.2 Do not modify this property key and value.
Use a filter fragment for accounts to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.
Example (default).
enrole.search.cache.secondary.filter.2=ou=accountsenrole.search.cache.secondary.filter.3 Do not modify this property key and value.
Use a filter fragment for the systemuser to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.
Example (default).
enrole.search.cache.secondary.filter.3=ou=systemuserenrole.search.cache.secondary.filter.4 Do not modify this property key and value.
Use a filter fragment for orphan accounts to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.
Example (default).
enrole.search.cache.secondary.filter.4=ou=orphansenrole.search.clientside.filtering.enable Do not modify this property key and value.
Specifies the use of client-side filtering as a performance alternative on complex LDAP searches.
Example (default).
enrole.search.clientside.filtering.enable=trueenrole.search.strategy Do not modify this property key and value.
Java™ class that defines the search strategy to process the return data from the directory server..
Strategy values include.
- com.ibm.itim.apps.ejb.search.EnumeratedSearch (process data on demand)
Avoids the use of collections, if possible. Maintains a cache of the number of search links multiplied by the page size. The underlying connection is closed when the page cache is filled. Access control items are applied as results are retrieved.
- com.ibm.itim.apps.ejb.search.CollectedSearch (process all data) This is the previous search mechanism, which converts the search results into a collection and sort it. Applying access control items on the collection as pages are retrieved. The underlying LDAP connection is freed as soon as the results are transformed into a collection.
Example (default).
enrole.search.strategy=com.ibm.itim.apps.ejb.search.EnumeratedSearchenrole.search.limit Specifies the maximum number of items to return by a SOAP search API..
The SOAP search API will not retrieve more than the specified number of items. Use only positive integers or zero. Specifying a value of 0 indicates that there is no maximum limit to the number of items to be returned..
Example.
enrole.search.limit=0enrole.recyclebin.enable Disable use of the recycle bin for a majority of objects to improve search times.
Example (default for new installations).
enrole.recyclebin.enable=falseParent topic: System property configuration in enRole.properties