Table of Contents
Advertisement
Miscellaneous
1 2
This chapter covers miscellaneous new features with Novell
•
Section 12.1, "Security Object Caching," on page 67
•
Section 12.2, "Subtree Search Performance Improvement," on page 67
•
Section 12.3, "Localhost Changes," on page 68
•
Section 12.4, "256 File Handler on Solaris," on page 68
•
Section 12.5, "Memory Manager on Solaris," on page 68
12.1 Security Object Caching
The security container is created off the root partition when the first server is installed in the tree and
holds information such as global data, security policies, and keys.
After universal password was introduced, whenever a user logged into eDirectory through NMAS
NMAS accessed the information in the security container to authenticate the login. When the
partition having the security container was not present locally, NMAS accessed the server, which
had this partition. This had an adverse impact on the performance of NMAS authentication. The
situation was worse in the scenarios where the server containing the partition having the security
container had to be accessed over WAN links.
To resolve this, with eDirectory 8.8, the security container data is cached onto the local server.
Therefore, NMAS does not need to access the security container located on a different machine
whenever a user logs in, it can easily access it locally. This increases the performance. Adding the
partition having security container to local server improves the performance, but it might not be
feasible in scenarios where there are too many servers.
If the actual data in the security container changes on the server containing the security container
partition, the local cache is refreshed by a background process called backlinker. By default,
backlinker runs every thirteen hours and it pulls the modified data from remote server. In case, the
data needs to be synchronized immediately, you can schedule backlinker on the local server either
through iMonitor, ndstrace (Linux and UNIX), dstrace (Netware
more information, refer to the iMonitor online help or the ndstrace manpage.
The security object caching feature is enabled by default. If you do not want backlinker to cache any
data, remove CachedAttrsOnExtRef from the NCP server object.
12.2 Subtree Search Performance Improvement
The eDirectory subtree search performance for a large tree with a significantly nested structure
remains flat irrespective of the base DN of the search. This has been resolved by using an
AncestorID attribute. The AncestorID attribute is a list of entryIDs of all ancestors, associated with
each entry. This AncestorID is used internally during the subtree search and therefore restricts the
scope of the search.
This attribute gets populated while adding an entry and after upgrade for all the entries in the DIB
and is repopulated for all the entries in the subtree after a subtree is moved. However, the subtree
search will not use the AncestorID attribute while populating the attribute after upgrade and subtree
®
eDirectory
8.8.
TM
®
), or ndscons (Windows). For
12
®
,
Miscellaneous
67
Advertisement
Table of Contents
