Oracle Fusion Middleware Deployment Planning Guide for Oracle Directory Server Enterprise Edition

Limiting System Resources Used By Directory Server

Table 6–2 describes the parameters that can be used to tune how a Directory Server instance uses system and network resources.

Table 6–2 Tuning Recommendations For System Resources

Tuning Parameter 

Description 

Attribute 

nsslapd-listenhost on dn: cn=config

Sets the hostname for the IP interface on which Directory Server listens. This attribute is multivalued. 

You set this attribute with the ldapmodify command.

Default behavior is to listen on all interfaces. The default behavior is adapted for high volume deployments using redundant network interfaces for availability and throughput. 

Consider setting this value when deploying on a multihomed system, or when listening only for IPv4 or IPv6 traffic on a system supporting each protocol through a separate interface. Consider setting nsslapd-securelistenhost when using SSL.

Server property 

file-descriptor-count

Sets the maximum number of file descriptors Directory Server attempts to use. 

You set this server property with the dsconf set-server-prop command.

The default value is the maximum number of file descriptors allowed for a process on the system at the time when the Directory Server instance is created. The maximum value corresponds to the maximum number of file descriptors allowed for a process on the system. Refer to your operating system documentation for details. 

Directory Server uses file descriptors to handle client connections, and to maintain files internally. If the error log indicates Directory Server sometimes stops listening for new connections because not enough file descriptors are available, increasing the value of this property may increase the number of client connections Directory Server can handle simultaneously.

If you have increased the number of file descriptors available on the system, set the value of this property accordingly. The value of this property should be less than or equal to the maximum number of file descriptors available on the system.

Attribute 

nsslapd-nagle on dn: cn=config

Sets whether to delay sending of TCP packets at the socket level. 

You set this attribute with the ldapmodify command.

Consider setting this to on if you need to reduce network traffic.

Attribute 

nsslapd-reservedescriptors on dn: cn=config

Sets the number of file descriptors Directory Server maintains to manage indexing, replication and other internal processing. Such file descriptors become unavailable to handle client connections.

You set this attribute with the ldapmodify command.

Consider increasing the value of this attribute from the default of 64 if all of the following are true.

  • Directory Server replicates to more than 10 consumers or Directory Server maintains more than 30 index files.

  • Directory Server handles a large number of client connections.

  • Messages in the error log suggest Directory Server is running out of file descriptors for operations not related to client connections.

Notice that as the number of reserved file descriptors increases, the number of file descriptors available to handle client connections decreases. If you increase the value of this attribute, consider increasing the number of file descriptors available on the system, and increasing the value of file-descriptor-count.

If you decide to change this attribute, for a first estimate of the number of file descriptors to reserve, try setting the value of nsslapd-reservedescriptors according to the following formula.

20 + 4 * (number of databases)
+ (total number of indexes)
+ (value of nsoperationconnectionslimit) * (number of chaining backends)
+ ReplDescriptors + PTADescriptors + SSLDescriptors

Here ReplDescriptors is the number of supplier replicas plus 8 if replication is used. PTADescriptors is 3 if the Pass Through Authentication, PTA, plug-in is enabled, and 0 otherwise. SSLDescriptors is 5 if SSL is used, and 0 otherwise.

The number of databases is the same as the number of suffixes for the instance, unless the instance is configured to use more than one database per suffix. Verify estimates through empirical testing. 
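The formula above as a shell calculation that also checks the result against file-descriptor-count and prints the LDIF change for ldapmodify. This is an added example, not part of the Oracle guide: the function names and the sample deployment values are constructed, and ReplDescriptors is assumed to be 0 when replication is not used.

```shell
#!/bin/sh
# Added example; every input value below is constructed for illustration.

# reserve_estimate DBS INDEXES OPCONN_LIMIT CHAIN_BACKENDS SUPPLIERS PTA SSL
#   OPCONN_LIMIT: value of nsoperationconnectionslimit
#   SUPPLIERS:    number of supplier replicas, 0 when replication is not used
#   PTA, SSL:     1 if enabled, 0 otherwise
reserve_estimate() {
    dbs=$1 indexes=$2 oplimit=$3 chain=$4 suppliers=$5 pta=$6 ssl=$7
    repl=0 ptad=0 ssld=0
    # Assumption: ReplDescriptors is 0 without replication (the page is silent).
    if [ "$suppliers" -gt 0 ]; then repl=$((suppliers + 8)); fi
    if [ "$pta" -eq 1 ]; then ptad=3; fi
    if [ "$ssl" -eq 1 ]; then ssld=5; fi
    echo $((20 + 4 * dbs + indexes + oplimit * chain + repl + ptad + ssld))
}

# check_budget FD_COUNT RESERVED [SYS_LIMIT]
# Prints the descriptors left for client connections, or fails when
# file-descriptor-count exceeds the system limit or the reserve consumes it all.
check_budget() {
    fdcount=$1 reserved=$2 syslimit=${3:-$(ulimit -n)}
    if [ "$syslimit" != unlimited ] && [ "$fdcount" -gt "$syslimit" ]; then
        echo "file-descriptor-count $fdcount exceeds system limit $syslimit" >&2
        return 1
    fi
    if [ "$reserved" -ge "$fdcount" ]; then
        echo "reserve of $reserved leaves no descriptors for clients" >&2
        return 1
    fi
    echo $((fdcount - reserved))
}

# reserve_ldif VALUE: LDIF change for cn=config, suitable as ldapmodify input.
reserve_ldif() {
    printf '%s\n' 'dn: cn=config' 'changetype: modify' \
        'replace: nsslapd-reservedescriptors' "nsslapd-reservedescriptors: $1"
}

# Constructed deployment: 2 databases, 40 indexes, no chaining backends,
# 12 supplier replicas, PTA off, SSL on; file-descriptor-count 1024.
est=$(reserve_estimate 2 40 0 0 12 0 1)
if left=$(check_budget 1024 "$est" 65536); then
    reserve_ldif "$est"
    echo "# reserved=$est, left for client connections=$left" >&2
fi
```

The third argument to check_budget is the system's per-process descriptor limit; when omitted it is read from `ulimit -n` in the current shell, which may differ from the limit the server process runs under.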

Attribute 

nsslapd-securelistenhost on dn: cn=config

Sets the hostname for the IP interface on which Directory Server listens for SSL connections. This attribute is multivalued. 

You set this attribute with the ldapmodify command.

Default behavior is to listen on all interfaces. Consider this attribute in the same way as nsslapd-listenhost.

Server property 

max-thread-count

Sets the number of threads Directory Server uses. 

You set this server property with the dsconf set-server-prop command.

Consider adjusting the value of this property if any of the following are true.

  • Client applications perform many simultaneous, time-consuming operations such as updates or complex searches.

  • Directory Server supports many simultaneous client connections.

Multiprocessor systems can sustain larger thread pools than single processor systems. As a first estimate when optimizing the value of this property, use two times the number of processors or 20 plus the number of simultaneous updates.

Consider also adjusting the maximum number of threads per client connection, max-threads-per-connection-count. The maximum number of these threads handling client connections cannot exceed the maximum number of file descriptors available on the system. In some cases, it may prove useful to reduce, rather than increase, the value of this attribute.

Verify estimates through empirical testing. Results depend not only on the particular deployment situation but also on the underlying system.