IBM BS029ML Self Help Guide - Page 168
Added support for WMM LDAP connection pooling, Improving group searches, Important
![]() |
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 168 highlights
Added support for WMM LDAP connection pooling By default, WMM creates a single LDAP connection and reuses this connection for all subsequent requests. This is, of course, in addition to the LDAP connection established and reused by the underlying WebSphere Application Server that performs the authentication task on behalf of Portal (assuming that no authenticating proxy such as Tivoli WebSEAL or CA SiteMinder are being used). Occasionally, several users may simultaneously access the Portal and ultimately the internal WMM component at the same time. For this reason, you can configure WMM to support an LDAP connection pooling mechanism for improved performance. This can be done by modifying the wmm.xml file and adding the parameters detailed in Table 5-13. Table 5-13 WMM LDAP connection pooling parameters Parameter Default value dirContextTimeToLive -1 dirContextsMaxSize Recommended value -1 10 dirContextsMinSize dirContextTimeout 1 3 300 3000 Important: Setting the dirContextTimeToLive=-1 means that each connection will be reused forever, until the connection is stale. Improving group searches As outlined in "Advanced LDAP filters" on page 152, there are two approaches for finding the group membership for a specific user. Many LDAP directory servers now support listing the groups for which a user is a member as an attribute of the user object (in Active Directory, for example, this is the memberOf attribute). WMM can be configured to use this attribute when asked by WebSphere Portal Server for the groups for which a user is a member, rather than doing an iterative LDAP search for objects of the group objectclass, which have the user DN as a member record. This results in performance improvements for such searches. WMM will still use the group objects themselves when asked to enumerate "all the members of a group". The LDAP directory server itself must be responsible for keeping the attribute in sync with the group member list, so that all groups where the user is listed as a member show up on the attribute, and only groups where the user is listed as a member show up on the attribute. This can be done by modifying the wmm.xml file and adding the parameter detailed in Table 5-14. Table 5-14 WMM MemberOf parameter Parameter groupMembershipAttributeMap Default value n/a Recommended value Value from Table 5-15 Table 5-15 on page 155 is a summary of the memberOfAttributeName parameters that various LDAP directory servers support. 154 IBM WebSphere Portal V6 Self Help Guide
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/168.png)