[prev in list] [next in list] [prev in thread] [next in thread]
List: forgerock-openam-commit
Subject: [CommitOpenAM] [10309] trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx :
From: noreply () forgerock ! org
Date: 2014-08-29 7:49:53
Message-ID: 20140829074953.98250422A4 () sources ! internal ! forgerock ! com
[Download RAW message or body]
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[10309] trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx: \
CR-4340 Fix for AME-4220: Document AME-4028 Allow CTS Operations to use a \
timeout</title> </head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: \
verdana,arial,helvetica,sans-serif; font-size: 10pt; } #msg dl a { font-weight: \
bold} #msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: \
bold; } #msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: \
6px; } #logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em \
0; } #logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg \
h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; } \
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; \
} #logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: \
-1.5em; padding-left: 1.5em; } #logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em \
1em 0 1em; background: white;} #logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid \
#fa0; border-bottom: 1px solid #fa0; background: #fff; } #logmsg table th { \
text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted \
#fa0; } #logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: \
0.2em 0.5em; } #logmsg table thead th { text-align: center; border-bottom: 1px solid \
#fa0; } #logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: \
6px; } #patch { width: 100%; }
#patch h4 {font-family: \
verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, \
#patch .copfile {border:1px solid #ccc;margin:10px 0;} #patch ins \
{background:#dfd;text-decoration:none;display:block;padding:0 10px;} #patch del \
{background:#fdd;text-decoration:none;display:block;padding:0 10px;} #patch .lines, \
.info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a \
href="http://sources.forgerock.org/changelog/openam/?cs=10309">10309</a></dd> \
<dt>Author</dt> <dd>mark</dd> <dt>Date</dt> <dd>2014-08-29 08:49:53 +0100 (Fri, 29 \
Aug 2014)</dd> </dl>
<h3>Log Message</h3>
<pre>CR-4340 Fix for AME-4220: Document AME-4028 Allow CTS Operations to use a \
timeout</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxadminguidechap \
tuningxml">trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/admin-guide/chap-tuning.xml</a></li>
<li><a href="#trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxinstallguidec \
hapctsxml">trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/chap-cts.xml</a></li>
<li><a href="#trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxinstallguidei \
magesctsdefaultstorepng">trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/images/cts-default-store.png</a></li>
<li><a href="#trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxreferencechap \
configrefxml">trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/reference/chap-config-ref.xml</a></li>
<li><a href="#trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxreleasenotesc \
hapwhatsnewxml">trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/release-notes/chap-whats-new.xml</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxadminguidechaptuningxml"></a>
<div class="modfile"><h4>Modified: \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/admin-guide/chap-tuning.xml \
(10308 => 10309)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/admin-guide/chap-tuning.xml 2014-08-29 \
05:19:06 UTC (rev 10308)
+++ trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/admin-guide/chap-tuning.xml 2014-08-29 \
07:49:53 UTC (rev 10309) </span><span class="lines">@@ -85,111 +85,338 @@
</span><span class="cx"> <title>LDAP Settings</title>
</span><span class="cx">
</span><span class="cx"> <para>
</span><del>- Tune both your LDAP data stores and also your LDAP authentication \
modules. </del><ins>+ Tune your LDAP data stores, your LDAP authentication \
modules, + and connection pools for CTS and configuration stores.
</ins><span class="cx"> </para>
</span><del>-
- <para>To change LDAP data store settings, browse to Access Control &gt;
- <replaceable>Realm Name</replaceable> &gt; Data Stores &gt;
- <replaceable>Data Store Name</replaceable> in the OpenAM console.
- Each data store has its own connection pool and therefore each data store
- needs its own tuning.</para>
-
- <table xml:id="tuning-ldap-data-store-settings" \
pgwide="1">
- <title>LDAP Data Store Settings</title>
- <tgroup cols="3">
- <colspec colnum="1" colwidth="2*"/>
- <colspec colnum="2" colwidth="1*"/>
- <colspec colnum="3" colwidth="3*"/>
- <thead>
- <row>
- <entry>Property</entry>
- <entry>Default Value</entry>
- <entry>Suggestions</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>LDAP Connection Pool Minimum Size</entry>
- <entry>1</entry>
- <entry>
- <para>The minimum LDAP connection pool size; a good tuning value
- for this property is 10.</para>
- <para>(<literal>sun-idrepo-ldapv3-config-connection_pool_min_size</literal>)</para>
- </entry>
- </row>
- <row>
- <entry>LDAP Connection Pool Maximum Size</entry>
- <entry>10</entry>
- <entry>
- <para>The maximum LDAP connection pool size; a high tuning value
- for this property is 65, though you might well be able to reduce this
- for your deployment. Ensure your LDAP server can cope with the maximum
- number of clients across all the OpenAM servers.</para>
- <para>(<literal>sun-idrepo-ldapv3-config-connection_pool_max_size</literal>)</para>
- </entry>
- </row>
- <!-- no longer included in the console
- <row>
- <entry>Caching</entry>
- <entry>False</entry>
- <entry>
- <para>Turn on the caching feature in the LDAP data store.</para>
- <para>(<literal>sun-idrepo-ldapv3-config-cache-enabled</literal>)</para>
- </entry>
- </row>
- <row>
- <entry>Maximum Age of Cached Items</entry>
- <entry>600</entry>
- <entry>
- <para>This is 10 minutes and does not normally need \
tuning.</para>
- <para>(<literal>sun-idrepo-ldapv3-config-cache-ttl</literal>)</para>
- </entry>
- </row>
- <row>
- <entry>Maximum Size of the Cache</entry>
- <entry>10240</entry>
- <entry>
- <para>This is 10k and is very small for a cache. A 1 MB cache \
(1048576)
- is a better starting point.</para>
- <para>(<literal>sun-idrepo-ldapv3-config-cache-size</literal>)</para>
- </entry>
- </row>
- -->
- </tbody>
- </tgroup>
- </table>
-
- <para>To change connection pool settings for the LDAP authentication \
module,
- browse to Configuration &gt; Authentication &gt; Core in the OpenAM
- console.</para>
-
- <table xml:id="tuning-ldap-authentication-module-settings" \
pgwide="1">
- <title>LDAP Authentication Module Setting</title>
- <tgroup cols="3">
- <colspec colnum="1" colwidth="2*"/>
- <colspec colnum="2" colwidth="1*"/>
- <colspec colnum="3" colwidth="3*"/>
- <thead>
- <row>
- <entry>Property</entry>
- <entry>Default Value</entry>
- <entry>Suggestions</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>Default LDAP Connection Pool Size</entry>
- <entry>1:10</entry>
- <entry>
- <para>The minimum and maximum LDAP connection pool used by the
- LDAP authentication module. This should be tuned to 10:65 for
- production.</para>
- <para>(<literal>iplanet-am-auth-ldap-connection-pool-default-size</literal>)</para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </table>
</del><ins>+
+ <section xml:id="tuning-ldap-settings-data-stores">
+ <title>Tuning LDAP Data Store Settings</title>
+
+ <para>To change LDAP data store settings, browse to Access Control \
&gt; + <replaceable>Realm Name</replaceable> &gt; Data Stores \
&gt; + <replaceable>Data Store Name</replaceable> in the OpenAM \
console. + Each data store has its own connection pool and therefore each data \
store + needs its own tuning.</para>
+
+ <table xml:id="tuning-ldap-data-store-settings" \
pgwide="1"> + <title>LDAP Data Store Settings</title>
+ <tgroup cols="3">
+ <colspec colnum="1" colwidth="2*"/>
+ <colspec colnum="2" colwidth="1*"/>
+ <colspec colnum="3" colwidth="3*"/>
+ <thead>
+ <row>
+ <entry>Property</entry>
+ <entry>Default Value</entry>
+ <entry>Suggestions</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>LDAP Connection Pool Minimum Size</entry>
+ <entry>1</entry>
+ <entry>
+ <para>The minimum LDAP connection pool size; a good tuning value
+ for this property is 10.</para>
+ <para>(<literal>sun-idrepo-ldapv3-config-connection_pool_min_size</literal>)</para>
+ </entry>
+ </row>
+ <row>
+ <entry>LDAP Connection Pool Maximum Size</entry>
+ <entry>10</entry>
+ <entry>
+ <para>The maximum LDAP connection pool size; a high tuning value
+ for this property is 65, though you might well be able to reduce this
+ for your deployment. Ensure your LDAP server can cope with the maximum
+ number of clients across all the OpenAM servers.</para>
+ <para>(<literal>sun-idrepo-ldapv3-config-connection_pool_max_size</literal>)</para>
+ </entry>
+ </row>
+ <!-- no longer included in the console
+ <row>
+ <entry>Caching</entry>
+ <entry>False</entry>
+ <entry>
+ <para>Turn on the caching feature in the LDAP data \
store.</para> + \
<para>(<literal>sun-idrepo-ldapv3-config-cache-enabled</literal>)</para>
+ </entry>
+ </row>
+ <row>
+ <entry>Maximum Age of Cached Items</entry>
+ <entry>600</entry>
+ <entry>
+ <para>This is 10 minutes and does not normally need \
tuning.</para> + \
<para>(<literal>sun-idrepo-ldapv3-config-cache-ttl</literal>)</para>
+ </entry>
+ </row>
+ <row>
+ <entry>Maximum Size of the Cache</entry>
+ <entry>10240</entry>
+ <entry>
+ <para>This is 10k and is very small for a cache. A 1 MB cache \
(1048576) + is a better starting point.</para>
+ <para>(<literal>sun-idrepo-ldapv3-config-cache-size</literal>)</para>
+ </entry>
+ </row>
+ -->
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
+
+ <section xml:id="tuning-ldap-settings-auth-modules">
+ <title>Tuning LDAP Authentication Module Settings</title>
+
+ <para>To change connection pool settings for the LDAP authentication \
module, + browse to Configuration &gt; Authentication &gt; Core in the \
OpenAM + console.</para>
+
+ <table xml:id="tuning-ldap-authentication-module-settings" \
pgwide="1"> + <title>LDAP Authentication Module \
Setting</title> + <tgroup cols="3">
+ <colspec colnum="1" colwidth="2*"/>
+ <colspec colnum="2" colwidth="1*"/>
+ <colspec colnum="3" colwidth="3*"/>
+ <thead>
+ <row>
+ <entry>Property</entry>
+ <entry>Default Value</entry>
+ <entry>Suggestions</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Default LDAP Connection Pool Size</entry>
+ <entry>1:10</entry>
+ <entry>
+ <para>The minimum and maximum LDAP connection pool used by the
+ LDAP authentication module. This should be tuned to 10:65 for
+ production.</para>
+ <para>(<literal>iplanet-am-auth-ldap-connection-pool-default-size</literal>)</para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
+
+ <section xml:id="tuning-ldap-settings-cts">
+ <title>Tuning LDAP CTS &amp; Configuration Store \
Settings</title> +
+ <para>
+ When tuning LDAP connection pool settings for the Core Token Service (CTS),
+ what you change depends on whether the directory service backing the CTS
+ is the same directory service backing OpenAM configuration.
+ </para>
+
+ <para>
+ When the same directory service backs
+ both the CTS and also OpenAM configuration (the default),
+ then the same connection pool is shared for any LDAP operations requested
+ by the CTS or by a service accessing the OpenAM configuration.
+ In this case, one connection is reserved for cleanup of expired CTS tokens.
+ Roughly half of the connections are allocated for CTS operations,
+ to the nearest power of two.<footnote>
+ <para>
+ To be precise, the number of connections allocated for CTS operations
+ is equal to the power of two that is nearest to
+ half the maximum number of connections in the pool.
+ </para>
+ </footnote>
+ The remaining connections are allocated
+ to services accessing the OpenAM configuration.
+ For a default configuration,
+ where the maximum number of connections in the pool is 10,
+ 1 connection is allocated for cleanup of expired CTS tokens,
+ 4 connections are allocated for other CTS operations,
+ and 5 connections are allocated for services accessing the configuration.
+ If the Maximum Connection Pool size is 20,
+ 1 connection is allocated for cleanup of expired CTS tokens,
+ 8 connections are allocated for other CTS operations,
+ and 11 connections are allocated for services accessing the configuration.
+ If the pool size is 65, then the numbers are 1, 32, and 32, and so on.
+ </para>
+
+ <para>
+ The minimum number of connections is 6.
+ </para>
+
+ <para>
+ When the directory service backing the CTS is external
+ (differs from the directory service backing the OpenAM configuration)
+ then the connection pool used to access the directory service for the CTS
+ is separate from the pool used to access the directory service
+ for the OpenAM configuration.
+ One connection is reserved for cleanup of expired CTS tokens.
+ Remaining connections are allocated for CTS operations
+ such that the number of connections allocated is equal to a power of two.
+ In this case, set the maximum number of connections to 2^n+1,
+ as in 9, 17, 33, 65, and so forth.
+ </para>
+
+ <para>
+ If the same directory service backs
+ both the CTS and also OpenAM configuration,
+ then set pool sizes under
+ Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Directory Configuration.
+ </para>
+
+ <para>
+ If the directory service backing the CTS is external
+ (differs from the directory service backing the OpenAM configuration),
+ then set the maximum connection pool size under
+ Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > CTS > External Store Configuration.
+ </para>
+
+ <para>
+ In both cases, if you must change the default connection timeouts,
+ set the advanced properties described below under
+ Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Advanced.
+ </para>
+
+ <table xml:id="tuning-ldap-cts-settings" pgwide="1">
+ <title>CTS Store LDAP Connection Pool Settings</title>
+ <tgroup cols="3">
+ <colspec colnum="1" colwidth="2*"/>
+ <colspec colnum="2" colwidth="1*"/>
+ <colspec colnum="3" colwidth="3*"/>
+ <thead>
+ <row>
+ <entry>Property</entry>
+ <entry>Default Value</entry>
+ <entry>Suggestions</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Maximum Connection Pool</entry>
+ <entry>10</entry>
+ <entry>
+ <para>
+ Find this setting in OpenAM console under
+ Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Directory Configuration.
+ </para>
+
+ <!--
+ Here is a guesstimate based on the pre-CTS default setting:
+ -->
+
+ <para>
+ When the same directory service backs
+ both the CTS and also OpenAM configuration,
+ consider increasing this to at least 19
+ to allow 9 connections for the CTS,
+ and 10 connections for access to the OpenAM configuration
+ (including for example looking up policies).
+ </para>
+ </entry>
+ </row>
+
+ <row>
+ <entry>Max Connections</entry>
+ <entry>10</entry>
+ <entry>
+ <para>
+ Find this setting in OpenAM console under
+ Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > CTS > External Store Configuration.
+ </para>
+
+ <para>
+ When the directory service backing the CTS is external
+ and the load on the CTS is high,
+ consider setting this to 2^n+1, where n = 4, 5, 6, and so on.
+ In other words, try setting this to 17, 33, 65, and so on
+ when testing performance under load.
+ </para>
+
+ <para>
+ (<literal>org-forgerock-services-cts-store-max-connections</literal>)
+ </para>
+ </entry>
+ </row>
+
+ <row>
+ <entry>CTS connection timeout (advanced property)</entry>
+ <entry>10 (seconds)</entry>
+ <entry>
+ <para>
+ Most CTS requests to the directory server are handled quickly,
+ so the default timeout is fine for most cases.
+ </para>
+
+ <para>
+ If you choose to vary this setting for performance testing,
+ set the advanced property,
+ <literal>org.forgerock.services.datalayer.connection.timeout.cts.async</literal>,
+ under Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Advanced.
+ </para>
+
+ <para>
+ You must restart OpenAM or the container in which it runs
+ for changes to take effect.
+ </para>
+ </entry>
+ </row>
+
+ <row>
+ <entry>CTS reaper timeout (advanced property)</entry>
+ <entry>None</entry>
+ <entry>
+ <para>
+ The CTS token cleanup connection generally should not time out
+ as it is used to request long-running queries
+ that can return many results.
+ </para>
+
+ <para>
+ If you choose to vary this setting for performance testing,
+ set the advanced property,
+ <literal>org.forgerock.services.datalayer.connection.timeout.cts.reaper</literal>,
+ to the number of seconds desired
+ under Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Advanced.
+ </para>
+
+ <para>
+ You must restart OpenAM or the container in which it runs
+ for changes to take effect.
+ </para>
+ </entry>
+ </row>
+
+ <row>
+ <entry>Configuration management connection timeout (advanced \
property)</entry> + <entry>10 (seconds)</entry>
+ <entry>
+ <para>
+ Most configuration management requests to the directory server
+ are handled quickly, so the default timeout is fine for most cases.
+ </para>
+
+ <para>
+ If you choose to vary this setting for performance testing,
+ set the advanced property,
+ <literal>org.forgerock.services.datalayer.connection.timeout</literal>,
+ under Configuration > Servers and Sites > <replaceable>server \
name</replaceable> + > Advanced.
+ </para>
+
+ <para>
+ You must restart OpenAM or the container in which it runs
+ for changes to take effect.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
</ins><span class="cx"> </section>
</span><span class="cx">
</span><span class="cx"> <section \
xml:id="tuning-notification-settings"> </span></span></pre></div>
<a id="trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxinstallguidechapctsxml"></a>
<div class="modfile"><h4>Modified: \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/chap-cts.xml \
(10308 => 10309)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/chap-cts.xml 2014-08-29 \
05:19:06 UTC (rev 10308)
+++ trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/chap-cts.xml 2014-08-29 \
07:49:53 UTC (rev 10309) </span><span class="lines">@@ -137,7 +137,7 @@
</span><span class="cx"> </listitem>
</span><span class="cx"> <listitem>
</span><span class="cx"> <para><literal>Directory \
Name</literal></para> </span><del>- \
<para><literal>opendj-cts.example.org</literal></para> \
</del><ins>+ <para><literal>opendj-cts.example.com</literal></para>
</ins><span class="cx"> </listitem>
</span><span class="cx"> <listitem>
</span><span class="cx"> \
<para><literal>Port</literal></para> </span><span \
class="lines">@@ -166,8 +166,18 @@ </span><span class="cx"> </para>
</span><span class="cx">
</span><span class="cx"> <para>
</span><del>- <literal>20</literal> (arbitrary number)
</del><ins>+ When the directory service backing the CTS is external
+ (differs from the directory service backing the OpenAM configuration)
+ then this setting configures the maximum number of connections
+ in the connection pool used to access the directory service for the CTS.
+ One connection is reserved for cleanup of expired tokens.
+ The other connections are available for CTS operations.
</ins><span class="cx"> </para>
</span><ins>+
+ <para>
+ <literal>17</literal>
+ (16 connections for CTS operations, 1 for token cleanup)
+ </para>
</ins><span class="cx"> </listitem>
</span><span class="cx">
</span><span class="cx"> <listitem>
</span></span></pre></div>
<a id="trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxinstallguideimagesctsdefaultstorepng"></a>
<div class="binary"><h4>Modified: \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/install-guide/images/cts-default-store.png</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<a id="trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxreferencechapconfigrefxml"></a>
<div class="modfile"><h4>Modified: \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/reference/chap-config-ref.xml \
(10308 => 10309)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/reference/chap-config-ref.xml 2014-08-29 \
05:19:06 UTC (rev 10308)
+++ trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/reference/chap-config-ref.xml 2014-08-29 \
07:49:53 UTC (rev 10309) </span><span class="lines">@@ -4736,6 +4736,16 @@
</span><span class="cx"> <para>
</span><span class="cx"> Notes the maximum number of remote connections to the \
external datastore. </span><span class="cx"> </para>
</span><ins>+
+ <para>
+ For suggested settings,
+ see the <citetitle>Administration Guide</citetitle> section on
+ <link
+ xlink:show="new"
+ xlink:href="admin-guide#tuning-ldap-settings-cts"
+ xlink:role="http://docbook.org/xlink/role/olink"
+ ><citetitle>Tuning LDAP CTS &amp; Configuration Store \
Settings</citetitle></link>. + </para>
</ins><span class="cx"> </listitem>
</span><span class="cx"> </varlistentry>
</span><span class="cx">
</span><span class="lines">@@ -5623,6 +5633,75 @@
</span><span class="cx"> </varlistentry>
</span><span class="cx">
</span><span class="cx"> <varlistentry>
</span><ins>+ <term><literal>org.forgerock.services.datalayer.connection.timeout</literal></term>
+ <listitem>
+ <para>
+ Timeout in seconds for LDAP connections to the configuration data store.
+ </para>
+
+ <para>
+ Default: 10 (seconds)
+ </para>
+
+ <para>
+ For suggested settings,
+ see the <citetitle>Administration Guide</citetitle> section on
+ <link
+ xlink:show="new"
+ xlink:href="admin-guide#tuning-ldap-settings-cts"
+ xlink:role="http://docbook.org/xlink/role/olink"
+ ><citetitle>Tuning LDAP CTS &amp; Configuration Store \
Settings</citetitle></link>. + </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>org.forgerock.services.datalayer.connection.timeout.cts.async</literal></term>
+ <listitem>
+ <para>
+ Timeout in seconds for LDAP connections used for most CTS operations.
+ </para>
+
+ <para>
+ Default: 10 (seconds)
+ </para>
+
+ <para>
+ For suggested settings,
+ see the <citetitle>Administration Guide</citetitle> section on
+ <link
+ xlink:show="new"
+ xlink:href="admin-guide#tuning-ldap-settings-cts"
+ xlink:role="http://docbook.org/xlink/role/olink"
+ ><citetitle>Tuning LDAP CTS &amp; Configuration Store \
Settings</citetitle></link>. + </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>org.forgerock.services.datalayer.connection.timeout.cts.reaper</literal></term>
+ <listitem>
+ <para>
+ Timeout in seconds for the LDAP connection used for CTS token cleanup.
+ </para>
+
+ <para>
+ Default: None (do not time out)
+ </para>
+
+ <para>
+ For suggested settings,
+ see the <citetitle>Administration Guide</citetitle> section on
+ <link
+ xlink:show="new"
+ xlink:href="admin-guide#tuning-ldap-settings-cts"
+ xlink:role="http://docbook.org/xlink/role/olink"
+ ><citetitle>Tuning LDAP CTS &amp; Configuration Store \
Settings</citetitle></link>. + </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
</ins><span class="cx"> \
<term><literal>securidHelper.ports</literal></term> \
</span><span class="cx"> <listitem> </span><span class="cx"> \
<para>Port on which SecurID daemon listens.</para> \
</span></span></pre></div> <a \
id="trunkopenamopenamdocumentationopenamdocsourcesrcmaindocbkxreleasenoteschapwhatsnewxml"></a>
<div class="modfile"><h4>Modified: \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/release-notes/chap-whats-new.xml \
(10308 => 10309)</h4> <pre class="diff"><span>
<span class="info">--- \
trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/release-notes/chap-whats-new.xml 2014-08-29 \
05:19:06 UTC (rev 10308)
+++ trunk/openam/openam-documentation/openam-doc-source/src/main/docbkx/release-notes/chap-whats-new.xml 2014-08-29 \
07:49:53 UTC (rev 10309) </span><span class="lines">@@ -248,6 +248,21 @@
</span><span class="cx"> </para>
</span><span class="cx"> </listitem>
</span><span class="cx">
</span><ins>+ <listitem><!-- AME-4028 -->
+ <para>
+ <emphasis role="bold">Fine-Grained Settings for LDAP \
Connections</emphasis>. + OpenAM now provides additional options for tuning
+ LDAP connection pool sizes and timeouts related to the Core Token Service
+ and to other components that use LDAP connections.
+ For details, see the <citetitle>Administration Guide</citetitle> \
section on + <link
+ xlink:show="new"
+ xlink:href="admin-guide#tuning-ldap-settings-cts"
+ xlink:role="http://docbook.org/xlink/role/olink"
+ ><citetitle>Tuning LDAP CTS &amp; Configuration Store \
Settings</citetitle></link>. + </para>
+ </listitem>
+
</ins><span class="cx"> <listitem><!-- AME-2975 -->
</span><span class="cx"> <para>
</span><span class="cx"> <emphasis role="bold">OAuth 2.0 Scope \
Conditions</emphasis>. </span></span></pre>
</div>
</div>
<div id="footer">Copyright (c) by ForgeRock. All rights reserved.</div>
</body>
</html>
_______________________________________________
CommitOpenAM mailing list
CommitOpenAM@forgerock.org
https://lists.forgerock.org/mailman/listinfo/commitopenam
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic