IBM BS029ML - WebSphere Portal Server Self Help Manual page 168

Added support for WMM LDAP connection pooling
By default, WMM creates a single LDAP connection and reuses this connection for all
subsequent requests. This is, of course, in addition to the LDAP connection established and
reused by the underlying WebSphere Application Server that performs the authentication task
on behalf of Portal (assuming that no authenticating proxy such as Tivoli WebSEAL or CA
SiteMinder are being used).
Occasionally, several users may simultaneously access the Portal and ultimately the internal
WMM component at the same time. For this reason, you can configure WMM to support an
LDAP connection pooling mechanism for improved performance. This can be done by
modifying the wmm.xml file and adding the parameters detailed in Table 5-13.
Table 5-13 WMM LDAP connection pooling parameters
Parameter
dirContextTimeToLive
dirContextsMaxSize
dirContextsMinSize
dirContextTimeout
Important: Setting the dirContextTimeToLive=-1 means that each connection will be
reused forever, until the connection is stale.
Improving group searches
As outlined in "Advanced LDAP filters" on page 152, there are two approaches for finding the
group membership for a specific user. Many LDAP directory servers now support listing the
groups for which a user is a member as an attribute of the user object (in Active Directory, for
example, this is the memberOf attribute). WMM can be configured to use this attribute when
asked by WebSphere Portal Server for the groups for which a user is a member, rather than
doing an iterative LDAP search for objects of the group objectclass, which have the user DN
as a member record. This results in performance improvements for such searches. WMM will
still use the group objects themselves when asked to enumerate "all the members of a group".
The LDAP directory server itself must be responsible for keeping the attribute in sync with the
group member list, so that all groups where the user is listed as a member show up on the
attribute, and only groups where the user is listed as a member show up on the attribute.
This can be done by modifying the wmm.xml file and adding the parameter detailed in
Table 5-14.
Table 5-14 WMM MemberOf parameter
Parameter
groupMembershipAttributeMap
Table 5-15 on page 155 is a summary of the memberOfAttributeName parameters that
various LDAP directory servers support.
154
IBM WebSphere Portal V6 Self Help Guide
Default value
-1
1
300
Default value
n/a
Recommended value
-1
10
3
3000
Recommended value
Value from Table 5-15