Filter
Top Products
IBM Tivoli Identity Manager Performance Tuning Guide
Page 17
Determining the values
max_connections – The maximum number of connections that the LDAP server will accept. Set
this value to 20 more than the
enrole.connectionpool.maxpoolsize specified in the
enRole.properties file.
Setting the values
1) Edit
GLD.CNFOUT(SLAPDCNF)
2) Modify the maxConnections value to max_connections.
3) Restart LDAPSRV
6.4 Changelog limits
The LDAP Server changelog can be limited either by the number of entries or the maximum age of an
entry. High LDAP add or modify operation rates initiated by Tivoli Identity Manager can result in lock
escalations due to the large volume of entries being added and removed from the changelog. For this
reason, it is recommended that the changelog be limited by the maximum age of an entry
(changeLogMaxAge) instead of the number of entries (changeLogMaxEntries). Both of these values can
be set in
GLD.CNFOUT(SLAPDCNF).
6.5 Row locking on SEARCHTS
To improve locking parallelism, particularly on single server installations, it is recommended to change the
locking on SEARCHTS table space in GLDDB and GLDDBG databases to row level. This can be done
with the following DB2 commands:
ALTER TABLESPACE GLDDB.SEARCHTS LOCKSIZE ROW;
ALTER TABLESPACE GLDDBG.SEARCHTS LOCKSIZE ROW;
These commands can be executed from SPUFI interface, option 6 using SYSADM login.
6.6 Indexing
Indexing the attributes that applications search on increases LDAP Server performance. The LDAP
Server indexes are automatically translated into IBM DB2 indexes when you update the LDAP Server
schema for those attributes.
If you extend the LDAP schema in LDAP Server to include additional attributes, index those attributes that
you will search for. Any filter in the Tivoli Identity Manager application (such as with dynamic roles) is
translated into a search string for the LDAP Server.
The Tivoli Identity Manager application frequently searches against the organization (o), organizational
unit (ou), and owner attributes.
After updating the LDAP schema, run DB2
runstats on the database to update the statistics for the newly
created indexes.
In addition, the following DB2 index has shown to increase performance and is required by the LDAP JCL
REORG and RUNSTATS scripts:
CREATE UNIQUE INDEX LDAPSRV.DIR_DESCX2
ON LDAPSRV.DIR_DESC( AEID, DEID )
USING STOGROUP SYSDEFLT PRIQTY 22000 SECQTY 10000
CLOSE NO BUFFERPOOL BP1 DEFER NO;
6.7 Runstats
See the IBM DB2 - Reorg and Runstats section.