22-8 Oracle Fusion Middleware Performance and Tuning Guide

22.4.6 Server Entry Cache

The Oracle Internet Directory server entry cache enables LDAP entries to be cached on the Oracle Internet Directory server process heap for better performance. Configuring the entry cache provides benefits if, and only if, all or most entries can be cached.

22.4.6.1 When to Use the Entry Cache

Consider using Oracle Internet Directory Server Entry Cache only under the following conditions: ■ The total number of entries in Oracle Internet Directory can be fully or mostly cached. This is usually the case for deployments with fewer than 500K entries in Oracle Internet Directory on a 32-bit system ■ The number of concurrent clients is low, typically less than 100 ■ You are not using a cluster configuration ■ You do not require the LDAP server instance to be multiprocess. ■ You expect a very low update rate, especially on group entries. ■ You are not using a second, dedicated LDAP server instance for replication or Oracle Directory Integration Platform ■ Very few applications are using Oracle Internet Directory ■ You have no large binary values or large group entries, and updates on binary and group entries are infrequent.

22.4.6.2 Benefits of Using the Entry Cache

Benefits of using the entry cache include: ■ LDAP search operations with subtree and one-level scope are about twice as fast. ■ LDAP search operations with base scope are about five times as fast. These benefits apply only when all or most entries can be cached. A cache miss is more expensive than disabling the entry cache.

22.4.6.3 Values for Configuring the Entry Cache

You can configure and optimize the server entry cache by setting the values shown in Table 22–5 . See Also: ■ The Managing Password Policies chapter in Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory. ■ The Managing Password Verifiers chapter in Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory. Note: The server entry cache is beneficial for small directory deployments only Some of the tuning recommendations here contradict the tuning recommendations in the earlier sections. Review the applicability of entry cache to a given deployment and incorporate the tuning mentioned in this section only if all considerations enumerated here are met. Oracle Internet Directory Performance Tuning 22-9 For example, if the total size of the DIT is 300K and total size of 300K entries in LDIF format is 500M, you would set orclecacheenabled to 1, orclecachemaxsize to 1500000000, and orclecachemaxentries to 300000. If the size of the largest group entry or entry with binary value is 10M, you would set orclecachemaxentsize to 10000000. To configure the attributes, see Section 22.12.1, Modifying Instance-Specific Attributes by Using Fusion Middleware Control and Section 22.12.3, Modifying Attributes by Using ldapmodify.

22.4.7 Tuning Security Event Tracking

The instance-specific configuration entry attributes orcloptrackmaxtotalsize and orcloptracknumelemcontainers control how much memory is used for security event tracking. The attribute orcloptrackmaxtotalsize specifies the maximum number of bytes of RAM that security events tracking can use for each type of operation. If the Directory Server exceeds this limit for information collected for an operation, the server stops collecting new information and records appropriate messages in server log files. For the compare operation, the Directory Server uses twice the value of the attribute, which is the combined amount of information about users performing compare operation and users whose passwords are being compared. The default value of orcloptrackmaxtotalsize is 100000000 Bytes, which should be sufficient for most deployments. It can be increased to 200MB. For information about modifying orcloptrackmaxtotalsize, see the instance-specific configuration attribute examples in Section 22.12.3, Modifying Attributes by Using ldapmodify. The attribute orcloptracknumelemcontainers allows you to choose the number of in-memory cache containers to be allocated for security event tracking in the Oracle Internet Directory server. There are two subtypes for this attribute. They are 1stlevel and 2ndlevel. The 1stlevel subtype is for setting the number of in-memory cache containers for storing information about users performing Table 22–5 Server Entry Cache Configuration Attribute Default Recommend ed Value Notes orclmaxcc 2 Total number of processor cores on the node Restart the server after changing this attribute. orclserverpro cs 1 1 For values greater than 1, entry cache is automatically disabled. Restart the server after changing this attribute. orclecacheena bled 1 1 orclecachemax size 200000000 Bytes Total size of the directory, in bytes Estimate three times the size of the entries in LDIF format orclecachemax entries 100000 Total number of entries in the DIT orclecachemax entsize 1000000 Size, in bytes, of the largest entry in the DIT The largest entry is usually a group entry or an entry with binary attribute values.