Chapitre 6. Adjusting IdM Directory Server performance
You can tune the performance of Identity Management’s databases by adjusting LDAP attributes controlling the Directory Server’s resources and behavior.
To adjust how the Directory Server caches data, see the following procedures:
To adjust the Directory Server’s resource limits, see the following procedures:
To adjust timeouts that have the most influence on performance, see the following procedures:
To install an IdM server or replica with custom Directory Server settings from an LDIF file, see the following procedure:
6.1. Adjusting the entry cache size
Red Hat recommends using the built-in cache auto-sizing feature for optimized performance. Only change this value if you need to purposely deviate from the auto-tuned values.
The nsslapd-cachememsize
attribute specifies the size, in bytes, for the available memory space for the entry cache. This attribute is one of the most important values for controlling how much physical RAM the directory server uses.
If the entry cache size is too small, you might see the following error in the Directory Server error logs in the /var/log/dirsrv/slapd-INSTANCE-NAME/errors
log file:
REASON: entry too large (83886080 bytes) for the import buffer size (67108864 bytes). Try increasing nsslapd-cachememsize.
Red Hat recommends fitting the entry cache and the database index entry cache in memory.
Default value |
|
Valid range |
|
Entry DN location |
|
Conditions préalables
- Le mot de passe du gestionnaire de répertoire LDAP
Procédure
Disable automatic cache tuning.
[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com backend config set --cache-autosize=0
Display the database suffixes and their corresponding back ends.
[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com backend suffix list cn=changelog (changelog) dc=example,dc=com (userroot) o=ipaca (ipaca)
This command displays the name of the back end database next to each suffix. Use the suffix’s database name in the next step.
Set the entry cache size for the database. This example sets the entry cache for the userroot database to 2 gigabytes.
[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com backend suffix set --cache-memsize=2147483648 userroot
Restart the Directory Server.
[root@server ~]# systemctl restart dirsrv.target
-
Monitor the IdM directory server’s performance. If it does not change in a desirable way, repeat this procedure and adjust
cache-memsize
to a different value, or re-enable cache auto-sizing.
Verification steps
Display the value of the
nsslapd-cachememsize
attribute and verify it has been set to your desired value.[root@server ~]# ldapsearch -D "cn=directory manager" -w DirectoryManagerPassword -b "cn=userroot,cn=ldbm database,cn=plugins,cn=config" | grep nsslapd-cachememsize nsslapd-cachememsize: 2147483648
Ressources supplémentaires
- nsslapd-cachememsize in Directory Server 11 documentation
- Re-enabling entry and database cache auto-sizing.