|Applies To||RSA ClearTrust 5.0.1 Authorization Server (AServer)|
|Issue||RSA ClearTrust performance and tuning information|
The RSA ClearTrust documentation lacks adequate information on the impact of changing the various Connection Management related parameters in ldap.conf, specifically when attempting to tune ClearTrust to gain performance. Some of the questions include:
1. What is the recommended value that the following:
"cleartrust.data.ldap.directory.<ldap-name>.connection.startconnections", "cleartrust.data.ldap.directory.<ldap-name>.connection.ondemandconnections", "cleartrust.data.ldap.directory.<ldap-name>.connection.maxconnections"
should be for the Auth Server to an LDAP connection pool parameters? Is there some type of equation that can be used based on an average load to calculate these?
2. What are performance-related aspects that should be considered or monitored to determine when the allocated connections are insufficient?
|Resolution||A document has been written to aid in understanding the various elements involved in RSA ClearTrust Authorization Server performance and tuning those elements for maximum efficiency. This document is available as a hot fix 220.127.116.11. Contact RSA Security Customer Service and request for hot fix 18.104.22.168 for ClearTrust.|
Section 3.3 of the Performance and Tuning guide makes a reference to a parameter:
This parameter is not listed in ldap.conf; the correct name of the parameter is:
Also, make a note of the following excerpt from the release notes for ClearTrust 5.0.1 Servers:
"Defective parameter mapping to ConnectionManagerData.java
Issue Tracking Number: 6405
Description of Problem: An issue with ConnectionManagerData.java causes the Servers to read incorrect values for two parameters in sql.conf or ldap.conf. Specifically, the value of the connection.reclaimconnections parameter is used incorrectly for the other two parameters, connection.keepalive and connection.validate_on_reserve. Because of this bug, validate_on_reserve and connection.keepalive are set to whatever reclaimconnections is set.
Description of Solution: None."
|Legacy Article ID||a17712|