IBM BS029ML Self Help Guide - Page 166
WebSphere session management tuning, Advanced LDAP filters
![]() |
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 166 highlights
Advanced LDAP filters We highly recommend that the WebSphere advanced LDAP security filter settings are checked for the most appropriate values according to your chosen LDAP directory server. Failing to corroborate these settings will not only lead to problems with authentication, but can also influence the overall performance of the authentication mechanism. Two approaches exist for finding LDAP group details. The first uses the GroupFilter to search for groups based on a specified objectclass, for example, groupOfUniqueNames. This is the same approach taken when searching for users with the UserFilter. Unfortunately, this approach scales poorly with large numbers of groups and with large group memberships. To overcome this issue, many LDAP directory servers now support the listing of groups for which a user is a member as an operational attribute on the actual user object. For example, Active Directory uses the memberOf attribute to hold group membership entries. The correct value should therefore be defined in the Group Member ID Map field. If the attribute is not present, then WebSphere will use the alternative GroupFilter search approach. To view or modify the Advanced LDAP Settings from the WebSphere Application Server Administrative Console, select Security → Global Security → User Registries → LDAP → Advanced LDAP Settings. Table 5-10 shows the recommended value. Table 5-10 Advanced LDAP settings Parameter Group Member ID Map Recommended value Value from Table 5-15 (See InfoCenter) Note: The Lotus Domino LDAP implementation only supports the indirect method to locate the group memberships for a user. As such, it is not possible to determine the group membership of a given user by querying the user object directly. Instead, group membership is achieved by iteratively searching through the member list of all groups. 5.2.8 WebSphere session management tuning User interactions with WebSphere Portal Server are maintained through the use of a HttpSession. This provides a way to preserve data across multiple pages or requests on an individual user basis. It follows therefore that the size of the HttpSession object and the size of the permissible Java heap directly influence the number of users that Portal can concurrently support. Of course, scalability issues can be addressed by WebSphere cloning. In order to reduce Java heap memory consumption, we typically recommend that the HttpSession timeout setting be reduced from the default value of 30 minutes to 10 minutes. Adopting this approach will then expire the HttpSessions more rapidly, due to the reduced inactivity timeout period and allow Java garbage collection (GC) to eventually reclaim the memory back to the Java heap. To view or modify the Session Management Settings from the WebSphere Application Server Administrative Console, select Servers → Application Servers → WebSphere_Portal → Container Settings → Web Container Settings → Session Management. Table 5-11 on page 153 shows the default and recommended values. 152 IBM WebSphere Portal V6 Self Help Guide
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/166.png)