Disabling Persistent Searches

Each active persistent search requires an open TCP connection between OpenSSO Enterprise server and Directory Server, which can cause a performance overhead on Directory Server. Therefore, use persistent searches only for essential tasks and close any idle LDAP connections when they are no longer required.

If you determine that improving performance is critical for your deployment, the com.sun.am.event.connection.disable.list property allows you to disable persistent searches.

Before disabling a persistent search, however, you should understand the consequences. The com.sun.am.event.connection.disable.list property was introduced primarily to avoid overhead on Directory Server when multiple version 2.1 J2EE policy agents were used, because each agent established persistent searches. OpenSSO Enterprise does not support version 2.1 policy agents, and version 2.2 and version 3.0 J2EE policy agents do not establish persistent searches.

A component with a disabled persistent search does not receive notifications from Directory Server. Consequently, changes made in Directory Server are not be notified to the component cache, and the component cache can go stale. For example, if you disable persistent searches for changes in the user data store (um), OpenSSO Enterprise server does not receive notifications from Directory Server for any changes to the user data store. Therefore, an agent does not get notifications from OpenSSO Enterprise to update its local user cache with any new values for user attributes. Then, if an application queries the agent for user attributes, the application might receive old values for the attributes.

Disabling persistent searches for a component is recommended only if absolutely required for a deployment. For example, if you know that changes to the configuration data store (service management (sm) node) will not happen in an environment, you can disable the persistent search for this component. However, if any changes do occur for any of the services, a server restart is required to get the changes. This situation also applies to persistent searches for changes to the aci attribute and user data store (sm).

To Disable Persistent Searches Using the Console

1. Log in to the Admin Console as amadmin.

2. Click Configuration, Servers and Sites, server-name, SDK, and then Event Service.

3. In the Disable Event Service Connection field, specify aci, sm, or um (or a combination, with each item separated by a comma).

4. Click Save and log out of the Console.

5. Restart the OpenSSO Enterprise web container.

Disabling Persistent Searches by Setting the com.sun.am.event.connection.disable.list Property

You can also disable persistent searches by setting the com.sun.am.event.connection.disable.list property, using the ssoadm command, to one or more of the following values: aci, sm, or um.

Values are case insensitive. To specify multiple values, separate each value with a comma. For example:

To disable all persistent search connections: com.sun.am.event.connection.disable.list=aci,sm,um

To disable persistent searches for ACI changes only: com.sun.am.event.connection.disable.list=aci

To disable persistent searches for configuration data store changes only: com.sun.am.event.connection.disable.list=sm

To disable persistent searches for user data store changes only: com.sun.am.event.connection.disable.list=um

To disable persistent searches for configuration data store and user data store changes: com.sun.am.event.connection.disable.list=sm,um

Re-Enabling Persistent Searches

If you need to re-enable a persistent search that you have disabled, follow the instructions in the previous section using the Admin Console, however, leave a blank for the search (or searches) you want to re-enable.

You can also re-enable one or more persistent searches by setting set the com.sun.am.event.connection.disable.list property to a blank value for each specific search you want to re-enable. For example, to re-enable the search for configuration data store and aci changes, but leave the search disabled for user data store changes, set the property as follows:

com.sun.am.event.connection.disable.list=um

When you are finished, restart the OpenSSO Enterprise web container

To Disable Persistent Searches for a Data Store

1. Log in to the Admin Console as amadmin.

2. Click Access Control, realm-name, Data Stores, data-store-name.

3. Set the Persistent Search Base DN field to blank.

4. Click Save and log out of the Console.

5. Restart the OpenSSO Enterprise web container.