Configuring cache size for user groups and roles

If you are using IBM® Security Directory Server for your LDAP user registry, configure the size of the group members cache to meet your requirements for the number of user groups and roles.

About this task

IBM Security Directory Server defines a default group members cache size, so you might need to increase the size of the cache to meet your requirements. To increase the cache size, update the configuration options ibm-slapdGroupMembersCacheSize and ibm-slapdGroupMembersCacheBypassLimit. The default value for ibm-slapdGroupMembersCacheSize is 25 and the default value for ibm-slapdGroupMembersCacheBypassLimit is 2500.

Procedure

  1. Log on to the LDAP server as a root user.
  2. To check the size of the group members cache, enter the following command, where ldap_install_path is the installation path and port_num is the port number for your IBM Security Directory Server:
    ldap_install_path/bin/idsldapsearch -h "localhost" -p port_num \
    -b cn=monitor -s base "objectclass=*" | grep "group_members_cache_size"
    For example,
    /opt/ibm/ldap/V6.4/bin/idsldapsearch -h "localhost" -p 389 -b cn=monitor -s base "objectclass=*" \
    | grep "group_members_cache_size"
  3. Create an LDAP data interchange format (LDIF) file in the /tmp directory to update the ibm-slapdGroupMembersCacheSize and the ibm-slapdGroupMembersCacheBypassLimit configuration options to values that meet your requirements. The following sample LDIF content updates the values to 500 and 1000.
    # member cache size
    dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
    changetype: modify
    replace: ibm-slapdGroupMembersCacheSize
    ibm-slapdGroupMembersCacheSize: 500
    
    # member cache size bypass limit
    dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
    changetype: modify
    replace: ibm-slapdGroupMembersCacheBypassLimit
    ibm-slapdGroupMembersCacheBypassLimit: 1000
  4. Enter the following command to use the LDIF file to update the configuration options, where ldap_install_path is the LDAP installation path, ldap_passwd is the password for your LDAP server, and filename.ldif is the name of your LDIF file:
    ldap_install_path/bin/idsldapmodify -D 'cn=root' -w ldap_passwd -i /tmp/filename.ldif
  5. Enter the following command to restart IBM Security Directory Server:
    ldap_install_path/sbin/ibmslapd -I dsrdbm01
  6. Restart the WebSphere® Application Server Liberty Profile server. For more information, see Restarting the WebSphere Application Server Liberty Profile server.
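
The following shell functions are an added example, not IBM-supplied code. They cover step 3 and the check from step 2 repeated after the restart: the two values are validated as whole numbers, the LDIF is written to an owner-only file with an unpredictable name under /tmp, and group_members_cache_size is extracted from cn=monitor output. The function names and the attr=value layout of the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not IBM-supplied code. Function names are hypothetical.
CONFIG_DN='cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration'

# Constructed sample of cn=monitor output; the attr=value layout is an assumption.
SAMPLE_MONITOR='cn=monitor
group_members_cache_size=500
group_members_cache_current=3'

# is_uint VALUE: succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# render_ldif CACHE_SIZE BYPASS_LIMIT: print both modify records to stdout.
render_ldif() {
    if ! is_uint "$1" || ! is_uint "$2"; then
        echo "cache size and bypass limit must be whole numbers" >&2
        return 1
    fi
    for pair in "ibm-slapdGroupMembersCacheSize $1" \
                "ibm-slapdGroupMembersCacheBypassLimit $2"; do
        attr=${pair% *}; value=${pair#* }
        printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n\n' \
            "$CONFIG_DN" "$attr" "$attr" "$value"
    done
}

# write_ldif CACHE_SIZE BYPASS_LIMIT: write the LDIF to an unpredictably named
# file readable only by its owner, then print the path.
write_ldif() {
    (
        umask 077
        f=$(mktemp "${TMPDIR:-/tmp}/groupcache.XXXXXX") || exit 1
        render_ldif "$1" "$2" > "$f" || { rm -f "$f"; exit 1; }
        printf '%s\n' "$f"
    )
}

# monitor_cache_size: read cn=monitor output on stdin, print the cache size.
monitor_cache_size() {
    sed -n 's/^group_members_cache_size[=:] *\([0-9][0-9]*\) *$/\1/p' | head -n 1
}
```

Pass the path printed by write_ldif to idsldapmodify with -i in step 4 and delete the file afterwards. Giving -w ? instead of the password makes idsldapmodify prompt for it, which keeps the password out of the process list and shell history.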