Miscellaneous; Security Object Caching; Subtree Search Performance Improvement - Novell EDIRECTORY 8.8 - GUIDE Manual

11

Miscellaneous

This chapter covers miscellaneous new features with Novell

Security Object Caching

The security container is created off the root partition when the first server is installed in the tree
and holds information such as global data, security policies, and keys.
After universal password was introduced, whenever a user logged into eDirectory through
NMAS
When the partition having the security container was not present locally, NMAS accessed the
server, which had this partition. This had an adverse impact on the performance of NMAS
authentication. The situation was worse in the scenarios where the server containing the partition
having the security container had to be accessed over WAN links.
To resolve this, with eDirectory 8.8, the security container data is cached onto the local server.
Therefore, NMAS does not need to access the security container located on a different machine
whenever a user logs in, it can easily access it locally. This increases the performance. Adding the
partition having security container to local server improves the performance, but it might not be
feasible in scenarios where there are too many servers.
If the actual data in the security container changes on the server containing the security container
partition, the local cache is refreshed by a background process called backlinker. By default,
backlinker runs every thirteen hours and it pulls the modified data from remote server. In case, the
data needs to be synchronized immediately, you can schedule backlinker on the local server either
through iMonitor, ndstrace (Linux and UNIX), dstrace (Netware
more information, refer to the iMonitor online help or the ndstrace manpage.
The security object caching feature is enabled by default. If you do not want backlinker to cache
any data, remove CachedAttrsOnExtRef from the NCP server object.

Subtree Search Performance Improvement

The eDirectory subtree search performance for a large tree with a significantly nested structure
remains flat irrespective of the base DN of the search. This has been resolved by using an
AncestorID attribute. The AncestorID attribute is a list of entryIDs of all ancestors, associated with
"Security Object Caching" on page 69
"Subtree Search Performance Improvement" on page 69
"Localhost Changes" on page 70
"256 File Handler on Solaris" on page 70
"Memory Manager on Solaris" on page 70
®
, NMAS accessed the information in the security container to authenticate the login.
®
eDirectory 8.8.
TM
®
), or ndscons (Windows). For
Miscellaneous
69