LDAP Server Attributes Basic Tuning Considerations

Oracle Fusion Middleware Performance and Tuning Guide
Oracle Internet Directory Performance Tuning

For example, if the total size of the DIT is 300K entries and the total size of those 300K entries in LDIF format is 500M, you would set orclecacheenabled to 1, orclecachemaxsize to 1500000000, and orclecachemaxentries to 300000. If the size of the largest group entry or entry with binary value is 10M, you would set orclecachemaxentsize to 10000000. To configure the attributes, see Section 22.12.1, "Modifying Instance-Specific Attributes by Using Fusion Middleware Control" and Section 22.12.3, "Modifying Attributes by Using ldapmodify".
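The sizing rules in the example above can be derived directly from an LDIF export of the DIT. The following Python sketch is an added example, not code from the Oracle guide: the function names, the sample LDIF and the placeholder DN are assumptions, and using the LDIF byte size of the largest entry for orclecachemaxentsize is an upper-bound estimate.

```python
import io

# Constructed sample export: a version header plus three entries.
SAMPLE_LDIF = (
    "version: 1\n\n"
    "dn: cn=a,dc=example,dc=com\ncn: a\n\n"
    "dn: cn=grp,dc=example,dc=com\n"
    "member: cn=a,dc=example,dc=com\n"
    "member: cn=b,dc=example,dc=com\n\n"
    "dn: cn=b,dc=example,dc=com\ncn: b\n"
)

def iter_ldif_entries(stream):
    """Yield the text of each blank-line-separated LDIF record."""
    lines = []
    for line in stream:
        if not line.strip():
            if lines:
                yield "".join(lines)
            lines = []
        elif not line.startswith("#"):      # drop LDIF comment lines
            lines.append(line)
    if lines:
        yield "".join(lines)

def entry_cache_settings(stream, server_procs=1):
    """Apply the entry cache sizing rules to an LDIF export of the whole DIT."""
    if server_procs > 1:
        # The guide states the entry cache is disabled when orclserverprocs > 1.
        raise ValueError("entry cache is disabled when orclserverprocs > 1")
    count = total = largest = 0
    for record in iter_ldif_entries(stream):
        if not record.lower().startswith("dn:"):
            continue                        # e.g. the "version: 1" header
        size = len(record.encode("utf-8"))  # LDIF bytes; base64 values inflate this
        count, total, largest = count + 1, total + size, max(largest, size)
    return {
        "orclecacheenabled": 1,
        "orclecachemaxsize": 3 * total,     # three times the LDIF size
        "orclecachemaxentries": count,      # total number of entries in the DIT
        "orclecachemaxentsize": largest,    # assumption: LDIF size as upper bound
    }

def to_ldif(settings, config_dn):
    """Render the settings as one LDIF modify record for ldapmodify -f."""
    out = [f"dn: {config_dn}", "changetype: modify"]
    for i, (attr, value) in enumerate(settings.items()):
        out += (["-"] if i else []) + [f"replace: {attr}", f"{attr}: {value}"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    s = entry_cache_settings(io.StringIO(SAMPLE_LDIF))
    print(to_ldif(s, "<DN of the instance-specific configuration entry>"))
```

Run against a 500M export of 300K entries, the same rules give the 1500000000 and 300000 values quoted in the paragraph above.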

22.4.7 Tuning Security Event Tracking

Table 22–5 Server Entry Cache Configuration

| Attribute | Default | Recommended Value | Notes |
|---|---|---|---|
| orclmaxcc | 2 | Total number of processor cores on the node | Restart the server after changing this attribute. |
| orclserverprocs | 1 | 1 | For values greater than 1, entry cache is automatically disabled. Restart the server after changing this attribute. |
| orclecacheenabled | 1 | 1 | |
| orclecachemaxsize | 200000000 Bytes | Total size of the directory, in bytes | Estimate three times the size of the entries in LDIF format |
| orclecachemaxentries | 100000 | Total number of entries in the DIT | |
| orclecachemaxentsize | 1000000 | Size, in bytes, of the largest entry in the DIT | The largest entry is usually a group entry or an entry with binary attribute values. |

The instance-specific configuration entry attributes orcloptrackmaxtotalsize and orcloptracknumelemcontainers control how much memory is used for security event tracking.

The attribute orcloptrackmaxtotalsize specifies the maximum number of bytes of RAM that security events tracking can use for each type of operation. If the Directory Server exceeds this limit for information collected for an operation, the server stops collecting new information and records appropriate messages in server log files. For the compare operation, the Directory Server uses twice the value of the attribute, which is the combined amount of information about users performing compare operation and users whose passwords are being compared. The default value of orcloptrackmaxtotalsize is 100000000 Bytes, which should be sufficient for most deployments. It can be increased to 200MB. For information about modifying orcloptrackmaxtotalsize, see the instance-specific configuration attribute examples in Section 22.12.3, Modifying Attributes by Using ldapmodify.

The attribute orcloptracknumelemcontainers allows you to choose the number of in-memory cache containers to be allocated for security event tracking in the Oracle Internet Directory server. There are two subtypes for this attribute. They are 1stlevel and 2ndlevel. The 1stlevel subtype is for setting the number of in-memory cache containers for storing information about users performing operations. The 2ndlevel subtype, which is applicable only to compare operation, sets the number of in-memory cache containers for information about the users whose userpassword is compared and tracked when detailed compare operation statistics is programmed. The default value of both subtypes is 256. The appropriate values for these subtypes depend on the number of users in your environment and the number of applications used to access the directory, as follows:

■ In a deployment where several applications perform operations on behalf of a large number of end users, set 1stlevel proportional to the number of applications, plus a few hundred more for end users directly accessing the directory. Then set 2ndlevel proportional to the number of end users.
■ In a deployment where end users themselves perform the operations, set 1stlevel proportional to the number of end users, then set 2ndlevel to a small value, such as 25.
■ A typical proportional value is one fifth. Proportions between one tenth and one half are reasonable in most environments.

If your deployment requires it, set the values for orcloptracknumelemcontainers only when security events collection is turned on.
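The container rules and the per-operation memory limit described above can be checked before any attribute is changed. The following Python sketch is an added example, not code from the Oracle guide: the function names, the default allowance of 300 for directly connecting users, the decimal reading of "200MB", the operation list passed by the caller, and the `;1stlevel` / `;2ndlevel` attribute-option spelling of the subtypes are assumptions.

```python
DEFAULT_MAX_TOTAL = 100_000_000   # default orcloptrackmaxtotalsize, in bytes
UPPER_MAX_TOTAL = 200_000_000     # "can be increased to 200MB" (decimal MB assumed)
ATTR = "orcloptracknumelemcontainers"

def container_counts(model, apps=0, end_users=0, divisor=5,
                     direct_allowance=300, tracking_enabled=True):
    """Return 1stlevel/2ndlevel container counts for a deployment model.

    model is "applications" (applications act on behalf of many end users)
    or "end_users" (end users perform the operations themselves).
    divisor=5 is the typical one-fifth proportion.
    """
    if not tracking_enabled:
        return {}                 # only set these when event collection is on
    if not 2 <= divisor <= 10:
        raise ValueError("proportion must be between one tenth and one half")

    def share(n):
        return max(1, -(-n // divisor))      # ceiling division, at least 1

    if model == "applications":
        first = share(apps) + direct_allowance   # plus "a few hundred more"
        second = share(end_users)
    elif model == "end_users":
        first, second = share(end_users), 25     # small 2ndlevel, "such as 25"
    else:
        raise ValueError(f"unknown deployment model: {model!r}")
    return {f"{ATTR};1stlevel": first, f"{ATTR};2ndlevel": second}

def tracking_memory_ceiling(op_types, max_total=DEFAULT_MAX_TOTAL):
    """Worst-case bytes of RAM across the tracked operation types.

    The limit applies per operation type; compare uses twice the value.
    """
    if not 0 < max_total <= UPPER_MAX_TOTAL:
        raise ValueError("orcloptrackmaxtotalsize outside the documented range")
    return sum(max_total * (2 if op == "compare" else 1) for op in op_types)

if __name__ == "__main__":
    # Constructed inputs: 50 applications fronting 100000 end users.
    print(container_counts("applications", apps=50, end_users=100_000))
    print(container_counts("end_users", end_users=5_000))
    print(tracking_memory_ceiling(["bind", "compare"]))
```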

22.5 Low-Priority Tuning Considerations

This section describes attributes that can sometimes improve performance, but are considered low-priority.

22.5.1 Number of Entries to be Returned by a Search

The attribute orclsizelimit controls the maximum number of entries to be returned by a search. The default value is 10000. Setting it very high impacts server performance. It also plays a role in limiting the maximum number of changelogs the replication server can process at a time. See Section 22.12.3, Modifying Attributes by Using ldapmodify.

22.5.2 Enabling the Group Cache

The instance-specific subentry attribute orclenablegroupcache controls whether privilege groups and ACL groups are cached. Using this cache can improve the performance of access control evaluation for users. Use the group cache when a privilege group membership does not change frequently. If a privilege group membership does change frequently, then it is best to turn off the group cache. It is important to note that computing a group cache may affect performance. The default is 1 (enabled). Change to 0 (zero) to disable. See Section 22.12.3, Modifying Attributes by Using ldapmodify.

22.5.3 Timeout for Write Operations

When an LDAP client initiates an operation, then does not respond to the server for a configured number of seconds, the server closes the connection. The number of seconds is controlled by the orclnwrwtimeout attribute of the instance-specific configuration entry. The default is 30 seconds.