Friday, May 30, 2008

Login into WebSphere Portal very slow with Sun ONE LDAP

Login to WebSphere Portal can be very slow with Sun ONE LDAP, particularly when the user belongs to a group that has thousands of users or more and the LDAP server does not let you evaluate group memberships directly from the user object (nsRole:nsRole for the SunONE directory if groups are created with Role inside SunONE). In this case, group membership searches are performed by locating the user on the member list of groups, and for some reason the search takes a long time even though attributes such as uid or even uniqueMember are indexed. To fix the problem, ask your LDAP administrator to do the following in the LDAP instance:

1. Create a file ldaptune.txt with the following:

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-search-tune
nsslapd-search-tune: 49


2. Apply it by running the command below:

ldapmodify -h <host> -p <port> -D "cn=directory manager" -w <password> -f ldaptune.txt

3. Restart the LDAP instance

At this point, redo your search test. The search time should be shorter. If you are still running into problems, double-check that the parameter is set properly or contact Sun Support.
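One way to double-check the setting, as an added example that is not part of the original post: the script reads the LDIF that ldapsearch returns for the config entry and compares nsslapd-search-tune with the expected value. The function names and the sample LDIF are constructed for illustration, and it assumes the attribute is readable on the entry modified in step 1.

```shell
#!/bin/sh
# Added example (not from the original post): verify nsslapd-search-tune.
# Both functions read the LDIF printed by ldapsearch on stdin.

# Print the attribute value, or nothing if the attribute is absent.
# Pass 1 unfolds LDIF continuation lines (a leading single space).
# Pass 2 picks the attribute (case-insensitive) and flags base64 ("::").
search_tune_value() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' |
    awk '{ line = $0; sub(/\r$/, "", line) }
         tolower(line) ~ /^nsslapd-search-tune::?/ {
             kind = (line ~ /^[^:]*::/) ? "b64" : "raw"
             sub(/^[^:]*::?[ ]*/, "", line)
             print kind " " line
             exit
         }' |
    while read -r kind val; do
        if [ "$kind" = "b64" ]; then
            printf '%s' "$val" | base64 -d; echo
        else
            printf '%s\n' "$val"
        fi
    done
}

# Return 0 if the value equals $1, 1 if it differs, 2 if it is missing.
check_search_tune() {
    expected=$1
    actual=$(search_tune_value)
    if [ -z "$actual" ]; then
        echo "nsslapd-search-tune not present in entry" >&2
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "OK: nsslapd-search-tune=$actual"
        return 0
    fi
    echo "MISMATCH: nsslapd-search-tune=$actual (expected $expected)" >&2
    return 1
}

# Constructed sample output; the dn line is folded as LDIF allows.
SAMPLE_LDIF='dn: cn=config,cn=ldbm database,
 cn=plugins,cn=config
nsslapd-search-tune: 49'
printf '%s\n' "$SAMPLE_LDIF" | check_search_tune 49
```

Against a live instance, pipe a base-scope ldapsearch on cn=config,cn=ldbm database,cn=plugins,cn=config that requests nsslapd-search-tune into check_search_tune 49 after the restart.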

Info on the nsslapd-search-tune parameter can be viewed at:

http://blogs.sun.com/DirectoryManager/entry/the_truth_about_nsslapd_search

3 comments:

Marc the Elliott said...

Love this. So IBM developers haven't figured out how to page through large collections gracefully yet? YEEESH!

Anonymous said...

Marc, sorry, you might misunderstand. The JNDI search for the groups a user is a member of is being tuned with this change. So Portal is not accessing the large collection on its own; this is all done by SunLDAP itself.
But this is only one option; the 2nd option is to configure Portal to check the so-called "member-of" attribute and only ask for the groups listed here.

Martyn Ayshford said...

Came across this when we were sorting out some performance issues on our Portal 6.1 migration. On the LDAP query causing the issue, issued from the command line, it fixed the performance issue; the same query issued by portal server wasn't fixed (it puts a lot of java baggage into the search string). We eventually upgraded to 6.3.1, the latest version at the time. This is not on the websphere portal server support matrix, but works fine. Better than fine actually. Performance on groups with it is sparkling.