Changing LDAP contextPool settings
Change the contextPool settings to suit your Lightweight Directory Access Protocol (LDAP) server load.
The LDAP contextPool parameters are listed in the following table. For more information, see LDAP User Registry (ldapRegistry).
Note: Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. This note applies only to the LDAP_CTX_POOL_TIMEOUT and LDAP_CTX_POOL_WAITTIME parameters. Also, LDAP_CTX_POOL_TIMEOUT must be set lower than the idle timeout on a firewall (or backend server) for it to be effective.
Parameter | Description | Default value |
---|---|---|
LDAP_CTX_POOL_INITSIZE | An integer value that determines the initial size of the context pool. Set this value based on the load on the repository. | 10 |
LDAP_CTX_POOL_MAXSIZE | An integer value that defines the maximum context pool size. Set this value based on the maximum load on the repository. | 50 |
LDAP_CTX_POOL_PREFERREDSIZE | Maximum number of attributes per LDAP entity that are cached. | 10 |
LDAP_CTX_POOL_TIMEOUT | The duration after which the context pool times out. | 30s |
LDAP_CTX_POOL_WAITTIME | The time interval that the request waits until the context pool checks again if an idle context instance is available in the pool when the number of context instances reaches the maximum pool size. | 60s |
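
The duration format and the timeout rule from the note above can be checked before the ConfigMap is edited. The following POSIX shell script is an added example, not part of the original documentation; the function names `duration_to_ms` and `check_ctx_pool` and the 5m idle timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the product documentation): validate contextPool
# durations before editing the platform-auth-idp ConfigMap.

# Convert a duration such as 30s, 500ms or 1s500ms to milliseconds.
# Prints the result; returns 1 if the value does not follow the format.
duration_to_ms() (
  rest=$1 total=0
  [ -n "$rest" ] || return 1
  while [ -n "$rest" ]; do
    digits=${rest%%[!0-9]*}            # leading run of digits
    [ -n "$digits" ] || return 1
    rest=${rest#"$digits"}
    case $rest in                      # ms must be tested before m
      ms*) mult=1       rest=${rest#ms} ;;
      h*)  mult=3600000 rest=${rest#h} ;;
      m*)  mult=60000   rest=${rest#m} ;;
      s*)  mult=1000    rest=${rest#s} ;;
      *)   return 1 ;;                 # missing or unknown unit
    esac
    n=${digits#"${digits%%[!0]*}"}     # drop leading zeros (no octal)
    [ -n "$n" ] || return 1            # 0 is not a positive integer
    total=$((total + n * mult))
  done
  echo "$total"
)

# check_ctx_pool TIMEOUT WAITTIME IDLE
# IDLE is the firewall or backend idle timeout, supplied by you in the same
# format (hypothetical input; it is not a ConfigMap key).
# Returns 0 if valid, 1 if TIMEOUT is not lower than IDLE, 2 on bad format.
check_ctx_pool() (
  t=$(duration_to_ms "$1") || { echo "bad LDAP_CTX_POOL_TIMEOUT: $1" >&2; return 2; }
  w=$(duration_to_ms "$2") || { echo "bad LDAP_CTX_POOL_WAITTIME: $2" >&2; return 2; }
  i=$(duration_to_ms "$3") || { echo "bad idle timeout: $3" >&2; return 2; }
  if [ "$t" -ge "$i" ]; then
    echo "LDAP_CTX_POOL_TIMEOUT $1 is not lower than idle timeout $3" >&2
    return 1
  fi
  echo "ok: timeout=${t}ms waittime=${w}ms idle=${i}ms"
)

# Constructed sample: the documented defaults against a 5-minute idle timeout.
# On a cluster, a current value can be read with:
#   kubectl -n <your-foundational-services-namespace> get configmap \
#     platform-auth-idp -o jsonpath='{.data.LDAP_CTX_POOL_TIMEOUT}'
check_ctx_pool 30s 60s 5m
```
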
Changing the parameter values by using kubectl
To change the parameter values, complete the following steps:
- Install the Kubernetes CLI (kubectl) tool.
- Edit the platform-auth-idp ConfigMap.

      kubectl -n <your-foundational-services-namespace> edit configmap platform-auth-idp

- Change the following attribute values as required:
  - LDAP_CTX_POOL_INITSIZE
  - LDAP_CTX_POOL_MAXSIZE
  - LDAP_CTX_POOL_PREFERREDSIZE
  - LDAP_CTX_POOL_TIMEOUT
  - LDAP_CTX_POOL_WAITTIME
- Save and close the ConfigMap.
- Restart the platform-auth-service pods.

      kubectl -n <your-foundational-services-namespace> delete pod -l k8s-app=platform-auth-service

- Wait for some time. Then, check the status of the platform-auth-service pods. The status must show as 4/4 Running for all the pods.

      kubectl -n <your-foundational-services-namespace> get pods | grep platform-auth-service

Changing the parameter values by using the console
Complete the following steps:
- Log in to the OpenShift Container Platform console as a user with cluster administrator access.
- From the navigation menu, click Workloads > Config Maps.
- Search for platform-auth-idp.
- Click ... > Edit Config Map.
- Change the following attribute values as required:
  - LDAP_CTX_POOL_INITSIZE
  - LDAP_CTX_POOL_MAXSIZE
  - LDAP_CTX_POOL_PREFERREDSIZE
  - LDAP_CTX_POOL_TIMEOUT
  - LDAP_CTX_POOL_WAITTIME
- Click Save.
- From the navigation menu, click Workloads > Deployments.
- Locate platform-auth-service.
- Click ... > Edit Deployment. A window for editing displays.
- Click Save without making any change. This step is to reload the platform-auth-service pods with the latest ConfigMap values.
- Click platform-auth-service.
- Wait for some time. Then, check the status of the platform-auth-service pods in the Pods pane. The status of all the pods must show as 4/4 under the Ready field name.