Tunings for the LDAP IDS Sync

Are you worried about your LDAP IDS sync's running time? If your system is relatively small, you may not think much about it. You run the sync each night, or maybe even several times during the day, and life is good. However, on systems that push beyond several hundred thousand users, the performance of this product may become important. An obscure setting can cut the time in half.

This week I reinstalled the IDS, and after running it with default settings, my sync ran in about eight hours. After some tuning, though, the job usually finishes in three and a half hours.

Cached Objects
The most important tuning is done in %WCI_HOME%\ptldapaws\2.2\settings\config\ldap\properties.xml. I increased the MAX_CACHED_USER_OBJECTS setting from the meager 20000 to 1000000.

With this increased cache setting, you may also find you need to increase memory allocation. Do this in

# Initial Java Heap Size (in MB)

# Maximum Java Heap Size (in MB)

Session Timeout
Another tuning we use that may be necessary when you run larger synchronization batches is to increase the session timeout period within the ldapws.war file's web.xml. The default session-timeout is 60 minutes, but we run at 600.
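
To confirm which session-timeout a WAR actually carries after the edit, the following added example (not from the original post or the product) reads the value from WEB-INF/web.xml inside the archive. The function names are hypothetical and the sample WARs are constructed in memory, standing in for ldapws.war.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

WEB_XML = "WEB-INF/web.xml"  # standard deployment descriptor location in a WAR


def _local(tag):
    """Strip an XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def read_session_timeout(war):
    """Return session-timeout in minutes from a WAR (path or file object), or None if unset."""
    with zipfile.ZipFile(war) as zf:
        root = ET.fromstring(zf.read(WEB_XML))
    for elem in root.iter():
        if _local(elem.tag) == "session-timeout":
            text = (elem.text or "").strip()
            return int(text) if text else None
    return None


def check_timeout(war, expected_minutes):
    """Compare the packaged value with the one you intended to set."""
    actual = read_session_timeout(war)
    return actual == expected_minutes, actual


def build_sample_war(minutes, namespaced=False):
    """Constructed sample WAR held in memory; not the real ldapws.war."""
    ns = ' xmlns="http://java.sun.com/xml/ns/j2ee"' if namespaced else ""
    xml = (f"<web-app{ns}><session-config><session-timeout>{minutes}"
           "</session-timeout></session-config></web-app>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(WEB_XML, xml)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # 60 is the default and 600 the tuned value mentioned above.
    for label, war in (("default", build_sample_war(60)),
                       ("tuned", build_sample_war(600, namespaced=True))):
        ok, actual = check_timeout(war, 600)
        print(f"{label}: session-timeout={actual} min, matches 600: {ok}")
```

Pass the path to the real WAR file to `check_timeout` in place of the in-memory sample.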



I implemented the solution outlined and reduced the LDAP sync from 5 hours to 1 hour (500,000 users).

I am now experiencing the same problem with the profile sync taking 21 hours. Do you know of any way to improve the performance of the profile sync? (3 mapped attributes)
