JVM Tuning for LDAP connection Pooling

Both Content Platform Engine and the J2EE application server use JNDI to communicate with the directory service. Although JNDI provides LDAP connection pool features which help improve performance, by default, the SSL/TLS connections to any LDAP server are not pooled in the application server JVM.  You must manually enable this feature by adding JNDI system properties.

How to enable LDAP connection pooling on the application server:

A. Oracle WebLogic Server:

1. Stop WebLogic Server.

2. Open startWebLogic.cmd (Windows) or startWebLogic.sh (UNIX/Linux) from <WebLogic_home>\user_projects\domains\<domain>\bin folder.

3. Add the following system properties to the JAVA_OPTS variable:

-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
"-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

On UNIX/Linux platforms, you need to use escape characters for double quotes and need to put the JAVA_OPTS variable in double quotes when launching Java.
(For bash shell, you can use backslash (\) to escape double quotes.)

4. Save the changes and restart the application server.


B. WebSphere Application Server:

1. Login to WebSphere Integrated Solutions Console.

2. Click Server > Application Servers > <server> > Server Infrastructure > Java and Process Management > process definition > Java Virtual Machine

3. In the generic JVM arguments field, add the following (all entries on one line separated by a space).

-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
"-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

(On a WebSphere cluster environment, this configuration must be implemented on all JVMs that are hosting the Content Engine application.)

4. Save the changes and restart the application server.

C: Containerized deployments:

1. Modify the custom resource YAML (CR) used to deploy FileNet with the Content Platform Engine and add the following to the spec.ecm_configuration.cpe section:

2. Apply the modified CR to the FileNet deployment.

3. Wait for the operator reconcile to apply the changes and restart the Content Platform Engine deployment.

Important: The above pooling configuration is a starting point for the P8 system; your system administrator should review the JVM JNDI connection pooling specification and monitor the test and production environment, to adjust the configuration for optimal stability and performance. If the pool maxsize is not used then the pool size is dynamically managed by the JVM pool manager. The idle connection will be used before creating new connections and connections are closed when the idle time expires. Please note that if the connection pool maxsize parameter is set, it has to be able to withstand the peak workload on the CPE system without (or with very few) pending requests, otherwise the system could encounter failures including but not limited to application server JVM hang. System administrators can use the netstat command, the Directory Server access log, or their preferred tool to monitor LDAP connection and other system resource usage to adjust the connection pool configuration as needed.

The connection pool timeout must be less than the directory server idle connection timeout. Refer to your directory server documentation to identify how to adjust the idle connection timeout. If the load balancer is used to load balance directory servers, then the JNDI connection pool timeout must be less than the load balancer idle connection timeout.

The JNDI connection pooling is managed by the JVM. Visit the following link for more information on JNDI connection pooling:

Connection Pooling Configuration
http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html