Configure Siteminder Policy Server Connections to User Directories

Article ID: 378592

Products

SITEMINDER

Issue/Introduction

Traditionally, the Siteminder Policy Server opened a single set of LDAP connections from the LDAP driver to the LDAP User Store.  A set of connections consists of:

1 Query Connection

1 IsAlive (ping) connection

1 Bind Connection

In order to add more connections, additional servers would need to be defined in the connection properties of the Siteminder User Directory.

Environment

PRODUCT: Siteminder

VERSION: r12.8.7 and higher

OPERATING SYSTEM: Any

LDAP User Directory: Any

LDAP NAMESPACE: both AD and LDAP

Resolution

Siteminder r12.8.7 added the ability to define the number of connections from the Policy Server to the User Store.

Attribute: Pool Size

Default Value: 1

Max Value: 32

The value of the Pool Size attribute on the user directory defines how many LDAP connections are opened for each server defined in the user directory. The maximum this value can be set to is 32. Setting this value to 32 will open 32 LDAP connections per server defined in the user directory.

To configure more connections, you will need to add a second server name to the connection properties. The additional server name can be the same name or IP address listed twice. You can also configure aliases and define the aliases instead.

An additional attribute controls how the connections are closed on failure.

Close Related Connection On Failure = Enabled | Disabled

Enabled: The Policy Server closes ALL LDAP connections with the same host name/IP Address when one of the connections fails.

Disabled: The Policy Server only closes the LDAP connections which fail.  Other connections to the same host name/IP address are left open until each specifically fails.

This feature lets you prevent the Policy Server from unnecessarily tearing down and rebuilding good connections simply because one connection fails. Tearing down all connections may adversely impact performance in a busy environment, because it introduces a bottleneck while Normal Priority threads wait for an available LDAP connection.
