PingDirectory

Using the entry cache to improve the performance of large static groups

The PingDirectory server provides an entry cache implementation, which allows for fine-grained control over entries that are held in the cache.

You can define filters to specify the entries included in or excluded from the cache, and you can restrict the cache so that it holds only entries with at least a specified number of values for a given set of attributes.

For most circumstances, use the PingDirectory server without an entry cache. In most cases, the server efficiently retrieves and decode entries from the database. The database cache is more space-efficient than the entry cache, and heavy churn in the entry cache can adversely impact garbage collection behavior.

Entry caches with large static groups

If the PingDirectory server contains large static groups, such as those containing thousands or millions of members, and clients need to frequently retrieve or otherwise interact with these groups, enable an entry cache that holds only large static groups.

In servers containing large static groups, define an entry cache to hold only those large static groups. To define this entry cache, include a filter that matches only group entries, as shown in the following example.

(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfEntries))

The filter contains a minimum value count so that only groups with a large number of members, such as those with at least 100 member or uniqueMember values are included. By default, the PingDirectory server entry cache implementation with these settings is disabled. To use this implementation, you must enable these settings.

Enabling the entry cache

Steps

  • To enable the entry cache, use the dsconfig tool.

    Example:

    $ bin/dsconfig set-entry-cache-prop --cache-name "Static Group Entry Cache" \
      --set enabled:true

Creating your own entry cache for large groups

Steps

  • To create your own entry cache for large groups, use the dsconfig create-entry-cache subcommand.

    Example:

    # bin/dsconfig create-entry-cache --type fifo \
      --set enabled:true \
      --set cache-level:10 \
      --set max-entries:175000 \
      --set "include-filter:(objectClass=groupOfUniqueNames)" \
      --set min-cache-entry-value-count:10000 \
      --set min-cache-entry-attribute:uniquemember

Monitoring the entry cache

Steps

  • To monitor the memory consumed by your entry cache, use the entry-cache-info property in the periodic stats logger.

    • To retrieve the monitor entry over LDAP, issue a search on baseDN="cn=monitor" using filter="(objectClass=ds-fifo-entry-cache-monitor-entry)".

      By default, the entry cache memory is set to 75% with a maximum of 90%.

      Example:

      dn: cn=Static Group Entry Cache Monitor,cn=monitor
      objectClass: top
      objectClass: ds-monitor-entry
      objectClass: ds-fifo-entry-cache-monitor-entry
      objectClass: extensibleObject
      cn: Static Group Entry Cache Monitor
      cacheName: Static Group Entry Cache
      entryCacheHits: 6416407
      entryCacheTries: 43069073
      entryCacheHitRatio: 14
      maxEntryCacheSize: 12723879900
      currentEntryCacheCount: 1
      maxEntryCacheCount: 175000
      entriesAddedOrUpdated: 1
      evictionsDueToMaxMemory: 0
      evictionsDueToMaxEntries: 0
      entriesNotAddedAlreadyPresent: 0
      entriesNotAddedDueToMaxMemory: 0
      entriesNotAddedDueToFilter: 36652665
      entriesNotAddedDueToEntrySmallness: 0
      lowMemoryOccurrences: 0
      percentFullMaxEntries: 0
      jvmMemoryMaxPercentThreshold: 75
      jvmMemoryCurrentPercentFull: 24
      jvmMemoryBelowMaxMemoryPercent: 51
      isFull: false
      capacityDetails: NOT FULL: The JVM is using 24% of its available memory. Entries can be
      added to the cache until the overall JVM memory usage reaches the configured limit of
      75%. Cache has 174999 remaining entries before reaching the configured limit of 175000.