Changing LDAP contextPool settings

Change the contextPool settings to suit your Lightweight Directory Access Protocol (LDAP) server load.

The LDAP contextPool parameters are listed in the following tables. For more information, see LDAP User Registry (ldapRegistry).

Note: Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. This note applies only to the LDAP_CTX_POOL_TIMEOUT and LDAP_CTX_POOL_WAITTIME parameters. Also, LDAP_CTX_POOL_TIMEOUT must be set lower than the idle timeout on a firewall (or backend server) for it to be effective.

Table 1. LDAP contextPool parameter properties
Parameter | Description | Default value
LDAP_CTX_POOL_INITSIZE | An integer value that determines the initial size of the context pool. Set this value based on the load on the repository. | 10
LDAP_CTX_POOL_MAXSIZE | An integer value that defines the maximum context pool size. Set this value based on the maximum load on the repository. | 50
LDAP_CTX_POOL_PREFERREDSIZE | Maximum number of attributes per LDAP entity that are cached. | 10
LDAP_CTX_POOL_TIMEOUT | The duration after which the context pool times out. | 30s
LDAP_CTX_POOL_WAITTIME | The time interval that the request waits until the context pool checks again if an idle context instance is available in the pool when the number of context instances reaches the maximum pool size. | 60s

Changing the parameter values by using kubectl

To change the parameter values, complete the following steps:

  1. Install the Kubernetes CLI (kubectl) tool.

  2. Edit the platform-auth-idp ConfigMap.

     kubectl -n <your-foundational-services-namespace> edit configmap platform-auth-idp
    
  3. Change the following attribute values as required:

    • LDAP_CTX_POOL_INITSIZE
    • LDAP_CTX_POOL_MAXSIZE
    • LDAP_CTX_POOL_PREFERREDSIZE
    • LDAP_CTX_POOL_TIMEOUT
    • LDAP_CTX_POOL_WAITTIME
  4. Save and close the ConfigMap.

  5. Restart the platform-auth-service pods.

     kubectl -n <your-foundational-services-namespace> delete pod -l k8s-app=platform-auth-service
    
  6. Wait for some time. Then, check the status of the platform-auth-service pods. The status must show as 4/4 Running for all the pods.

     kubectl -n <your-foundational-services-namespace> get pods | grep platform-auth-service
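
The duration format and the timeout rule from the note can be checked before you edit the ConfigMap in step 3. The following script is an added example, not part of the original page or the product; the function names duration_to_ms and check_pool_timeout and the 60s firewall idle timeout are assumptions.

```shell
#!/bin/sh
# Convert a duration such as 30s or 1s500ms to milliseconds.
# Prints the value; returns 1 if the string does not follow the format
# in the note (positive integer plus unit h, m, s or ms, repeatable).
duration_to_ms() {
    rest=$1
    total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}            # leading digits of this component
        [ -n "$num" ] || return 1
        rest=${rest#"$num"}
        # Strip leading zeros so the shell does not read 08 as octal.
        while [ "${num#0}" != "$num" ]; do num=${num#0}; done
        num=${num:-0}
        # Test "ms" before "m" so 500ms is not read as minutes.
        case $rest in
            ms*) mult=1;       rest=${rest#ms} ;;
            h*)  mult=3600000; rest=${rest#h} ;;
            m*)  mult=60000;   rest=${rest#m} ;;
            s*)  mult=1000;    rest=${rest#s} ;;
            *)   return 1 ;;            # missing or unknown unit
        esac
        total=$((total + num * mult))
    done
    [ "$total" -gt 0 ] || return 1
    echo "$total"
}

# check_pool_timeout <LDAP_CTX_POOL_TIMEOUT> <firewall-or-backend-idle-timeout>
# Returns 0 if the pool timeout is strictly lower than the idle timeout,
# 1 if it is not, 2 if either value is malformed.
check_pool_timeout() {
    pool_ms=$(duration_to_ms "$1") || { echo "invalid LDAP_CTX_POOL_TIMEOUT: $1" >&2; return 2; }
    idle_ms=$(duration_to_ms "$2") || { echo "invalid idle timeout: $2" >&2; return 2; }
    if [ "$pool_ms" -ge "$idle_ms" ]; then
        echo "LDAP_CTX_POOL_TIMEOUT $1 is not lower than idle timeout $2" >&2
        return 1
    fi
}

# Constructed sample: the default 30s against an assumed 60s firewall idle timeout.
check_pool_timeout 30s 60s && echo "LDAP_CTX_POOL_TIMEOUT=30s is safe to apply"
```

A pool timeout at or above the idle timeout leaves pooled contexts whose connections the firewall may already have dropped, which is why the check rejects equal values as well.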
    

Changing the parameter values by using the console

Complete the following steps:

  1. Log in to the OpenShift Container Platform console as a user with cluster administrator access.
  2. From the navigation menu, click Workloads > Config Maps.
  3. Search for platform-auth-idp.
  4. Click ... > Edit Config Map.
  5. Change the following attribute values as required:
    • LDAP_CTX_POOL_INITSIZE
    • LDAP_CTX_POOL_MAXSIZE
    • LDAP_CTX_POOL_PREFERREDSIZE
    • LDAP_CTX_POOL_TIMEOUT
    • LDAP_CTX_POOL_WAITTIME
  6. Click Save.
  7. From the navigation menu, click Workloads > Deployments.
  8. Locate platform-auth-service.
  9. Click ... > Edit Deployment. A window for editing displays.
  10. Click Save without making any change. This step is to reload the platform-auth-service pods with the latest ConfigMap values.
  11. Click platform-auth-service.
  12. Wait for some time. Then, check the status of the platform-auth-service pods in the Pods pane. The status of all the pods must show as 4/4 under the Ready field name.