Ensure all threads are not blocked during context pool re-creation
Use this information to ensure that the threads that are trying to communicate with the LDAP server are not all blocked until the read times out when the server is down.
Problem
If an LDAP server is down, an exception is thrown when any new thread tries to read from the server. Virtual member manager then tries to re-create the LDAP context pool. During the re-creation of the context pool, all incoming threads are blocked. If the connection cannot be made in 120 seconds, an exception is thrown and the threads are able to complete their processing. However, all requesting threads are blocked for 120 seconds until the exception is thrown.
Solution
To ensure that all threads are not blocked during the context pool re-creation, you can configure the following three custom properties to minimize the number of threads that are blocked or to set the exact number of threads to be blocked:
- minimizeContextPoolThreadBlock
  The minimizeContextPoolThreadBlock custom property defines the thread-locking behavior when an LDAP server is down and an attempt is made to read from the server. When the property is set to true, only a minimum number of threads are blocked on the read operation and the remaining threads fail immediately without waiting. If the property is set to false, every thread that makes a read request is blocked until a context is created to the requested LDAP server or the context creation encounters a timeout. The default time for context creation is 120 seconds.
  Data type: Boolean
  Default: True
- maxThreadsToBlock
  The maxThreadsToBlock property is used along with the minimizeContextPoolThreadBlock property. When the minimizeContextPoolThreadBlock property is set to true, maxThreadsToBlock determines the maximum number of threads that are blocked when an LDAP read operation is performed.
  Data type: Integer
  Default: 5
- bindTimeout
  The bindTimeout custom property specifies the time, in milliseconds, that is used to track the count of quick binds. Any binds that take longer than the specified time are added to the log if the trace log is enabled.
  Data type: Milliseconds
  Default: 1000
You can define the value in milliseconds in the bindTimeout custom property to trace the bind timeout.
Use the setIdMgrCustomProperty command to define these properties in the federated LDAP repository.
$AdminTask setIdMgrCustomProperty {-id <LDAP_repos_ID> -name minimizeContextPoolThreadBlock -value true}
$AdminTask setIdMgrCustomProperty {-id <LDAP_repos_ID> -name maxThreadsToBlock -value 5}
$AdminTask setIdMgrCustomProperty {-id <LDAP_repos_ID> -name bindTimeout -value <milliseconds>}
where LDAP_repos_ID is the repository ID of the LDAP repository that is configured in virtual member manager, and milliseconds is the time that is used to track the count of quick binds. Binds that take longer than the specified time are added to the log if the trace log is enabled.
You can save the configuration by using the following command after the previous command is complete:
$AdminConfig save
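
The effect of minimizeContextPoolThreadBlock and maxThreadsToBlock on threads that read from a server that is down can be seen in a small model. The following Python code is an added example, not code from virtual member manager: ContextPoolModel, simulate and the outcome labels are hypothetical names, and the 0.5-second create_timeout stands in for the 120-second default so that the run finishes quickly.

```python
import threading
import time


class ContextPoolModel:
    """Toy model of a context pool whose LDAP server is down (hypothetical, not IBM code)."""

    def __init__(self, minimize=True, max_threads_to_block=5, create_timeout=0.5):
        self.minimize = minimize                  # models minimizeContextPoolThreadBlock
        self.create_timeout = create_timeout      # stands in for the 120-second default
        self.slots = threading.Semaphore(max_threads_to_block)  # models maxThreadsToBlock

    def read(self):
        """Return 'blocked' if the caller waited for re-creation, else 'failed_fast'."""
        if self.minimize and not self.slots.acquire(blocking=False):
            return "failed_fast"                  # over the cap: fail without waiting
        try:
            time.sleep(self.create_timeout)       # context creation that runs into the timeout
            return "blocked"
        finally:
            if self.minimize:
                self.slots.release()


def simulate(n_threads, **pool_args):
    """Issue n_threads concurrent reads and count how many blocked or failed fast."""
    pool = ContextPoolModel(**pool_args)
    barrier = threading.Barrier(n_threads)        # release all readers at the same moment
    outcomes, lock = [], threading.Lock()

    def worker():
        barrier.wait()
        outcome = pool.read()
        with lock:
            outcomes.append(outcome)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {k: outcomes.count(k) for k in ("blocked", "failed_fast")}


if __name__ == "__main__":
    print("minimize=True :", simulate(50, minimize=True, max_threads_to_block=5))
    print("minimize=False:", simulate(50, minimize=False))
```

With the cap in place, only five of the fifty simulated readers wait out the timeout; without it, every reader does, which is the thread exhaustion that the Problem section describes.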