Configuring the LDAP connection pool

The LDAP service provider maintains a pool of connections and assigns them as needed. When a connection is closed, LDAP returns the connection to the pool for future use. This can improve performance significantly.

This page describes the site-wide settings for LDAP connection pooling in Crowd. 

By default, Crowd uses JNDI for LDAP connection pooling, and the pool settings are passed as system properties when Crowd starts.

JDK 8 vs. JDK 11

You configure the JNDI LDAP connection pool differently depending on your JDK version.

  • For JDK 8, you must use the system properties. The form in Crowd won't work.
  • For JDK 11, you must use the form in Crowd. The system properties won't work.

Depending on your JDK version, choose the right section below.

Configure the LDAP connection pool with JDK 8

Use these steps if you have JDK 8.

View the current configuration

You can view the current settings for LDAP connection pooling in Crowd.

To view the current configuration:

  1. Log in to the Crowd Administration Console.

  2. In the top navigation bar, select Administration.

  3. In the left-hand menu, select LDAP Connection Pool.

Configure the LDAP connection pool

To configure the JNDI connection pool:

  1. Go to <installation-directory>/bin, and edit the setenv.sh (Linux) or setenv.bat (Windows) file.

  2. Set the properties from the table below, for example: 

    -Dcom.sun.jndi.ldap.connect.pool.initsize=2
    -Dcom.sun.jndi.ldap.connect.pool.prefsize=1
    -Dcom.sun.jndi.ldap.connect.pool.maxsize=20

Pool properties

| Setting | Crowd system property | Description | Default value |
|---|---|---|---|
| Initial pool size | com.sun.jndi.ldap.connect.pool.initsize | The number of LDAP connections created when initially connecting to the pool. | 1 |
| Preferred pool size | com.sun.jndi.ldap.connect.pool.prefsize | The optimal pool size. LDAP will remove idle connections when the number of connections grows larger than this value. A value of 0 (zero) means that there is no preferred size, so the number of idle connections is unlimited. | 10 |
| Maximum pool size | com.sun.jndi.ldap.connect.pool.maxsize | The max number of connections. When the number of connections reaches this value, LDAP will refuse further connections. As a result, requests made by an application to the LDAP server will be blocked. A value of 0 (zero) means that the number of connections is unlimited. | 0 |
| Pool timeout | com.sun.jndi.ldap.connect.pool.timeout | The length of time, in milliseconds, that a connection may remain idle before being removed from the pool. When the application is finished with a pooled connection, the connection is marked as idle, waiting to be reused. The default value of 0 (zero) means that the idle time is unlimited, so connections will never be timed out. We recommend that you change the value to 300000 milliseconds to avoid issues. | Default: 0. Recommended: 30000 |
| Pool protocol | com.sun.jndi.ldap.connect.pool.protocol | Only these protocol types are allowed to connect to LDAP. If you want to allow multiple protocols, enter the values separated by a space. Valid values are: plain, ssl. | plain ssl (both plain and ssl) |
| Pool authentication | com.sun.jndi.ldap.connect.pool.authentication | Only these authentication types are allowed to connect to LDAP. If you want to allow multiple authentication types, enter the values separated by a space. See RFC 2829 for details of LDAP authentication methods. Valid values are: none, simple, DIGEST-MD5. | simple |
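
One way to check an edited setenv file against the pool properties table above, as an added example that is not part of the Crowd documentation or product: it reads the -D flags, applies the table's defaults, and reports misspelled property names, values outside the valid lists, and a timeout left at 0. The function name audit_pool_flags is hypothetical, the sample file content is constructed, and the use of JAVA_OPTS to carry the flags is an assumption.

```python
import re

# Property names, defaults and valid values are copied from the JDK 8 table above.
PREFIX = "com.sun.jndi.ldap.connect.pool."
DEFAULTS = {"initsize": "1", "prefsize": "10", "maxsize": "0",
            "timeout": "0", "protocol": "plain ssl", "authentication": "simple"}
ALLOWED = {"protocol": {"plain", "ssl"},
           "authentication": {"none", "simple", "DIGEST-MD5"}}
# -Dname=value; the value may be quoted when it holds a space-separated list.
FLAG = re.compile(r"""-D([\w.]+)=(?:"([^"]*)"|'([^']*)'|([^\s"']+))""")

def audit_pool_flags(text):
    """Return (effective pool settings, findings) for the -D flags in text."""
    effective, findings = dict(DEFAULTS), []
    for line in text.splitlines():
        if line.lstrip().lower().startswith(("#", "rem ", "::")):
            continue  # shell or batch comment line
        for m in FLAG.finditer(line.replace('\\"', '"')):
            name = m.group(1)
            value = next(g for g in m.groups()[1:] if g is not None)
            key = name[len(PREFIX):] if name.startswith(PREFIX) else None
            if key not in DEFAULTS:
                if "pool" in name.lower():
                    findings.append(f"{name}: not a property from the table, check the spelling")
                continue
            effective[key] = value
            if key in ALLOWED:
                bad = sorted(set(value.split()) - ALLOWED[key])
                if bad or not value.split():
                    findings.append(f"{key}: invalid value(s) {bad}")
            elif not value.isdigit():
                findings.append(f"{key}: expected a non-negative integer, got {value!r}")
    if effective["timeout"] == "0":
        findings.append("timeout: 0 means idle connections are never removed from the pool")
    return effective, findings

# Constructed sample; JAVA_OPTS as the carrier variable is an assumption.
SAMPLE_SETENV = """\
# pool tuning
JAVA_OPTS="-Dcom.sun.jndi.ldap.connect.pool.initsize=2 $JAVA_OPTS"
JAVA_OPTS="-Dcom.sun.jdni.ldap.connect.pool.maxsize=20 $JAVA_OPTS"
JAVA_OPTS="-Dcom.sun.jndi.ldap.connect.pool.protocol='plain tls' $JAVA_OPTS"
"""

if __name__ == "__main__":
    settings, problems = audit_pool_flags(SAMPLE_SETENV)
    print(settings)
    print("\n".join(f"FINDING: {p}" for p in problems))
```

In the sample, the misspelled maxsize flag leaves the effective maximum pool size at the default of 0, which is why the check reports the effective settings alongside the findings.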

Configure the LDAP connection pool with JDK 11

Use these steps if you have JDK 11.

View the current configuration

You can view the current settings for LDAP connection pooling in Crowd.

To view the current configuration:

  1. Log in to the Crowd Administration Console.

  2. In the top navigation bar, select Administration.

  3. In the left-hand menu, select LDAP Connection Pool.

Configure the LDAP connection pool

To configure the JNDI connection pool:

  1. Log in to the Crowd Administration Console.

  2. In the top navigation bar, select Administration.

  3. In the left-hand menu, select LDAP Connection Pool.

  4. The LDAP Connection Pool screen appears. Enter the details for each setting, as described in the table below.
  5. Select Update.
  6. Restart Crowd to put the changes into effect.

Pool properties

| Connection Pool Setting | Description | Default Value |
|---|---|---|
| Initial Pool Size | The number of LDAP connections created when initially connecting to the pool. | 1 |
| Preferred Pool Size | The optimal pool size. LDAP will remove idle connections when the number of connections grows larger than this value. A value of 0 (zero) means that there is no preferred size, so the number of idle connections is unlimited. | 10 |
| Maximum Pool Size | The maximum number of connections. When the number of connections reaches this value, LDAP will refuse further connections. As a result, requests made by an application to the LDAP server will be blocked. A value of 0 (zero) means that the number of connections is unlimited. | 0 |
| Pool Timeout | The length of time, in seconds, that a connection may remain idle before being removed from the pool. When the application is finished with a pooled connection, the connection is marked as idle, waiting to be reused. A value of 0 (zero) means that the idle time is unlimited, so connections will never be timed out. | 30 |
| Pool Protocol | Only these protocol types are allowed to connect to LDAP. If you want to allow multiple protocols, enter the values separated by a space. Valid values are: plain, ssl. | plain ssl (both plain and ssl) |
| Pool Authentication | Only these authentication types are allowed to connect to LDAP. If you want to allow multiple authentication types, enter the values separated by a space. See RFC 2829 for details of LDAP authentication methods. Valid values are: none, simple, DIGEST-MD5. | simple |

Last modified on Jun 5, 2023
