Search and LDAP control properties

Search and LDAP control properties are used to configure search strategy and LDAP control.

For more information about setting these parameters for your environment, see the tuning guide that is provided for IBM® Security Identity Manager.

Table 1 defines the properties used to configure search strategy and LDAP control.

Table 1. Search and LDAP control properties

enrole.search.sss.enable

Do not modify this property key and value.

Specifies whether Server Side Sorting is used for searches of the directory server. Enabling server-side sorting with this property can have a large negative impact when you view large organizational units. It is suggested that you disable this option in most environments.

Example (default):

enrole.search.sss.enable=false

enrole.search.vlv.enable

Do not modify this property key and value.

Specifies whether Virtual List View (VLV) is used for all return data from the directory server. This property can be enabled only when supported by the directory server. This option reduces the memory load on the application server but places a significant load on the LDAP server.

Example (default):

enrole.search.vlv.enable=false

enrole.search.paging.enable

Do not modify this property key and value.

Specifies whether Paged Sorting is used for searches of the directory server. This option reduces the memory load on the application server. Enabling it is not suggested because the directory server might place a limit on the number of outstanding paged searches.

Example (default):

enrole.search.paging.enable=false

enrole.search.paging.pagesize

Do not modify this property key and value.

Specifies the page size used for paged LDAP searches when enrole.search.paging.enable=true.

Example (default):

enrole.search.paging.pagesize=128

enrole.search.cache.enable

Do not modify this property key and value.

Specifies the use of cached searching to speed up LDAP searches.

Example (default):

enrole.search.cache.enable=true

enrole.search.cache.secondary.enable

Do not modify this property key and value.

Specifies the use of secondary cached searching to speed up LDAP searches.

Example (default):

enrole.search.cache.secondary.enable=true

enrole.search.cache.secondary.filter.1

Do not modify this property key and value.

Use a filter fragment for people to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.

Example (default):

enrole.search.cache.secondary.filter.1=ou=people

enrole.search.cache.secondary.filter.2

Do not modify this property key and value.

Use a filter fragment for accounts to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.

Example (default):

enrole.search.cache.secondary.filter.2=ou=accounts

enrole.search.cache.secondary.filter.3

Do not modify this property key and value.

Use a filter fragment for the systemuser to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.

Example (default):

enrole.search.cache.secondary.filter.3=ou=systemuser

enrole.search.cache.secondary.filter.4

Do not modify this property key and value.

Use a filter fragment for orphan accounts to prevent LDAP search filters from getting cached. Filtered out LDAP search filters are cached in the secondary cache, if enabled.

Example (default):

enrole.search.cache.secondary.filter.4=ou=orphans

enrole.search.clientside.filtering.enable

Do not modify this property key and value.

Specifies the use of client-side filtering as a performance alternative on complex LDAP searches.

Example (default):

enrole.search.clientside.filtering.enable=true

enrole.search.strategy

Do not modify this property key and value.

Specifies the Java™ class that defines the search strategy to process the return data from the directory server.

Strategy values include:

  • com.ibm.itim.apps.ejb.search.EnumeratedSearch (process data on demand)

    Avoids the use of collections, if possible. Maintains a cache of the number of search links multiplied by the page size. The underlying connection is closed when the page cache is filled. Access control items are applied as results are retrieved.

  • com.ibm.itim.apps.ejb.search.CollectedSearch (process all data)

    This is the previous search mechanism, which converts the search results into a collection and sorts it. Access control items are applied to the collection as pages are retrieved. The underlying LDAP connection is freed as soon as the results are transformed into a collection.

Example (default):

enrole.search.strategy=com.ibm.itim.apps.ejb.search.EnumeratedSearch

enrole.search.limit

Specifies the maximum number of items returned by a SOAP search API.

The SOAP search API will not retrieve more than the specified number of items. Use only positive integers or zero. Specifying a value of 0 indicates that there is no maximum limit to the number of items to be returned.

Example:

enrole.search.limit=0

enrole.recyclebin.enable

Disable use of the recycle bin for a majority of objects to improve search times.

Example (default for new installations):

enrole.recyclebin.enable=false
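
The following configuration-drift check is an added example and is not part of the IBM product or its documentation. It compares a properties file against the defaults in Table 1 for the keys marked "Do not modify this property key and value" and validates enrole.search.limit. The function names, the minimal key=value parser, and the sample input are assumptions made for illustration.

```python
# Added example: audit property text against the defaults documented in Table 1.
# LOCKED_DEFAULTS holds only the keys the table marks "Do not modify".
LOCKED_DEFAULTS = {
    "enrole.search.sss.enable": "false",
    "enrole.search.vlv.enable": "false",
    "enrole.search.paging.enable": "false",
    "enrole.search.paging.pagesize": "128",
    "enrole.search.cache.enable": "true",
    "enrole.search.cache.secondary.enable": "true",
    "enrole.search.cache.secondary.filter.1": "ou=people",
    "enrole.search.cache.secondary.filter.2": "ou=accounts",
    "enrole.search.cache.secondary.filter.3": "ou=systemuser",
    "enrole.search.cache.secondary.filter.4": "ou=orphans",
    "enrole.search.clientside.filtering.enable": "true",
    "enrole.search.strategy": "com.ibm.itim.apps.ejb.search.EnumeratedSearch",
}

def parse_properties(text):
    """Minimal parser (assumption): skips blanks and #/! comments, splits on first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # values such as ou=people keep their '='
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (key, finding) tuples for deviations from Table 1."""
    props = parse_properties(text)
    findings = [
        (key, f"changed from documented default {default!r} to {props[key]!r}")
        for key, default in LOCKED_DEFAULTS.items()
        if key in props and props[key] != default
    ]
    limit = props.get("enrole.search.limit")
    if limit is not None:
        if not (limit.isascii() and limit.isdigit()):
            findings.append(("enrole.search.limit", "must be zero or a positive integer"))
        elif int(limit) == 0:
            findings.append(("enrole.search.limit", "0 means no maximum on SOAP search results"))
    return sorted(findings)

# Constructed sample input, not taken from a real deployment.
SAMPLE = """# search settings
enrole.search.sss.enable=true
enrole.search.cache.secondary.filter.1=ou=people
enrole.search.limit=-5
"""
```

Calling audit(SAMPLE) reports the modified enrole.search.sss.enable value and the invalid negative enrole.search.limit.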