OID Performance Tuning

OID Performance Tuning

Oracle Internet Directory is highly scalable and manageable in terms of performance tuning as per the hardware resources and high availability configurations.
In this blog I will explain the parameters which can improve the performance of OID.

1. Database Parameters:
                                Recommended values
sga_target,sga_max_size            upto 60-70% of the available
                                   RAM for database machine
db_cache_size                    upto 60-70% of the available 
                                   RAM for database machine
shared_pool_size                  500M
session_cached_cursors            100
processes                        500
pga_aggregate_target              1-4GB
job_queue_processes               1 or more
max_commit_propagation_delay       99 or lower


2. LDAP Server Attributes:
                                  Recommended values
orclmaxcc                        10 - Number of DB Connections 
                                   per Server Processes
orclserverprocs                   4 - Number of OID LDAP Server 
                                   Processes which should be 
                                   equal to the number of cpu 
                                   cores on the system
orclgeneratechangelog             0 - Disables change log 
                                   generation
orclldapconntimeout               60 - LDAP Connection Timeout
orclmatchdenabled                 0 - Enable MatchDN Processing



3. OID Authenticator Parameters:
    If you have configured Oracle Internet Directory Authenticator in myrealm to retrieve users from OID, following parameters can be changed to optimize the performance:
                                            
                                   Recommended values
Group Membership Searching         limited
Connection Pool Size              120
Connect Timeout                  120
Cache Size                       51200
Cache TTL                        300

4. jps-config Parameters

    If the weblogic server is reassociated to an OID and the application policies are stored in it, following parameters should be added in policystore.ldap serviceInstance in jps-config.xml to make the retrieval of policies faster by caching them.

    <property name="oracle.security.jps.policystore.rolemember.cache.type" value="STATIC"/>
    <property name="oracle.security.jps.policystore.rolemember.cache.strategy" value="NONE"/>
    <property name="oracle.security.jps.policystore.rolemember.cache.size" value="100"/>
    <property name="oracle.security.jps.policystore.policy.lazy.load.enable" value="true"/>
    <property name="oracle.security.jps.policystore.policy.cache.strategy" value="NONE"/>
    <property name="oracle.security.jps.policystore.policy.cache.size" value="1000000"/>
    <property name="oracle.security.jps.policystore.refresh.enable" value="true"/>
    <property name="oracle.security.jps.policystore.refresh.purge.timeout" value="43200000"/>
    <property name="oracle.security.jps.ldap.policystore.refresh.interval" value="6000000"/>
    <property name="oracle.security.jps.policystore.rolemember.cache.warmup.enable" value="true"/>
    <property name="connection.pool.min.size" value="120"/>
    <property name="connection.pool.max.size" value="120"/>
    <property name="connection.pool.provider.type" value="IDM"/>
    <property name="connection.pool.timeout" value="300000"/>
    <property name="connection.pool.provider.type" value="5"/>

   OID and weblogic server restarts are required after modifying the above parameters. They can still be optimized depending on the availability of the hardware resources.
   Ref : http://docs.oracle.com/cd/E23943_01/core.1111/e10108/oid.htm