Setting resource limits

You can set resource limits for the PingDirectoryProxy server using several global configuration properties as well as setting resource limits on specific client connection policies.

If you configure both global and client connection policy resource limits, the first limit reached is always honored. For example, if the server-wide maximum concurrent connections limit is reached, then all subsequent connections are rejected until existing connections are closed regardless of whether a client connection policy limit has been reached.

Setting global resource limits

You can specify the following types of global resource limits:

maximum-concurrent-connections: Specify the maximum number of client connections that can be established at any given time.

If the server already has the maximum number of connections established, then any new connection attempts from any clients are rejected until an existing connection is closed.

The default value of zero indicates that no limit is enforced.

maximum-concurrent-connections-per-ip-address: Specify the maximum number of client connections that can be established at any give time from the same client system.

If the server already has the maximum number of connections established from a given client, then any new connection attempts from that client are rejected until an existing connection from that client is closed. The server continues to accept connections from other clients that have not yet reached this limit.

The default value of zero indicates that no limit is enforced.

maximum-concurrent-connections-per-bind-dn: Specify the maximum number of client connections that can be established at any given time while authenticated as a particular user.

This property applies after the connection is established because the bind operation to authenticate the user happens after the connection is established rather than during the course of establishing the connection itself.

If a given user reaches the maximum number of connections, then any new attempt to authenticate as that user causes the connection performing the bind to be terminated.

This limit applies only to authenticated connections and isn’t enforced for clients that haven’t authenticated or for clients that have authenticated as the anonymous user.

The default value of zero indicates that no limit is enforced.

Any changes to the maximum-concurrent-connections and maximum-concurrent-connections-per-ip-address properties take effect only for new connections established after the change is made. Any change to the maximum-concurrent-connections-per-bind-dn property applies only to connections, including existing connections, that perform authentication after the change is made.

Existing connections are allowed to remain established even if that would cause the new limit to be exceeded.

Setting client connection policy resource limits

Configure resource limits in a client connection policy using the following properties of the client connection policy:

maximum-concurrent-connections: This property specifies the maximum number of client connections that can be associated with a specific client connection policy at any given time. After this limit has been reached, any further attempts to associate a connection with this client connection policy result in the termination of the connection.
maximum-connection-duration: This property specifies the maximum length of time that a connection associated with a particular client connection policy can persist. After this period, the connection is terminated.
maximum-idle-connection-duration: This property specifies the maximum time that a connection associated with a particular client connection policy can persist after the completion of the last operation processed on that connection. Any new operation requested on the connection resets the timer. Connections that are idle for longer than the specified time are terminated.
maximum-operation-count-per-connection: This property specifies the maximum number of operations that can be requested by any client connection associated with this client connection policy. Attempts to process more than this number of operations on the connection will terminate the connection.
maximum-concurrent-operations-per-connection: This property specifies the maximum number of concurrent operations for any connection. This property can be used to prevent a single client connection from monopolizing server processing resources by sending a large number of concurrent asynchronous requests.
maximum-connection-operation-rate: This property specifies the maximum rate at which a client associated with a specific client connection policy can issue requests to the PingDirectoryProxy server. If a client attempts to request operations at a rate higher than this limit, then the server behaves as described by the connection-operation-rate-exceeded-behavior property.
connection-operation-rate-exceeded-behavior: This property describes how the server should behave if a client connection attempts to exceed a rate defined in the maximum-connection-operation-rate property.
maximum-policy-operation-rate: This property specifies the maximum rate at which all clients associated with a particular client connection policy can issue requests to the PingDirectoryProxy server. If this limit is exceeded, then the server responds as specified in the policy-operation-rate-exceeded-behavior property.
policy-operation-rate-exceeded-behavior: This property specifies the behavior of the PingDirectoryProxy server if a client connection attempts to exceed the rate defined in the maximum-policy-operation-rate property.