Disabling Persistent Searches in Directory Server

Access Manager uses persistent searches to receive information about Sun Java System Directory Server entries that change. By default, Access Manager creates the following persistent search connections during server startup:

• aci - To receive changes to the aci attribute, with the search using the LDAP filter (aci=*).

• sm - To receive changes in the Access Manager information tree (service management node), which includes objects with the sunService or sunServiceComponent marker object class. For example, creation of a new policy to define access privileges for a protected resource or changes to the rules, subjects, conditions, or response providers for an existing policy.

• um - To receive changes in the user directory (user management node). For example, changes to a user's name or address.

Persistent searches can cause performance overhead on Directory Server. If you determine that improving performance is critical in a production environment, disable persistent searches using the com.sun.am.event.connection.disable.list property.

Do not disable persistent searches unless the performance improvement is required for your deployment. The com.sun.am.event.connection.disable.list property was introduced primarily to avoid overhead on Directory Server when multiple version 2.1 J2EE agents are used, because each of these agents establishes these persistent searches. The version 2.2 J2EE agents no longer establish these persistent searches.

For example, if you disable persistent searches for changes in the user directory (um), the Access Manager server will not receive notifications from Directory Server. Therefore, an agent would not get notifications from Access Manager to update its local user cache with the new values for the user attribute. Then, if an application queries the agent for the user attributes, it might receive the old value for that attribute.

Or, if you know that Service Configuration changes (related to changing values to any of services such as Session Service and Authentication Services) will not happen in production environment, you can disable the persistent search to the Service Management (sm) component. However, if any changes do occur for any of the services, a server restart would be required. The same condition also applies to other persistent searches, as specified by the aci and um values.

To Disable Persistent Searches

1. Set the com.sun.am.event.connection.disable.list property in the AMConfig.properties file to one or more of the following values, previously described in this section: aci, sm, um.

   Values are case insensitive. To specify multiple values, separate each value with a comma. For example:

   com.sun.am.event.connection.disable.list=sm,um

2. Restart the Access Manager web container for the new property value to take effect.

Enabling a Persistent Search

If you later want to enable a persistent search that you have disabled, set the property to a blank value for the specific search. For the previous example, to enable the search for Access Manager information tree (service management node) changes but leave the search disabled for user directory (user management node) changes, set the property as follows:

com.sun.am.event.connection.disable.list=um