PingDirectory

Installing a lightweight server

Users who want to demo or test a lightweight version of the PingDirectory server on a memory-restricted machine can do so by removing all unused or unneeded configuration objects.

All configuration entries, whether enabled or not, take up some amount of memory to hold the definition and listeners that are notified of changes to those objects.

The configuration framework does not allow you to remove objects that are referenced, and in some cases if you have one configuration object referencing another but really do not need it, then you must first remove the reference to it. If you try to remove a configuration object that is referenced, both dsconfig and the administrative console should prevent you from removing it and tell you what still references it.

Depending on your test configuration, some example configuration changes that can be made are as follows:

Reduce the number of worker threads

Each thread has a stack associated with it, and that consumes memory. If you’re running a bare-bones server, then you probably do not have enough load to require a lot of worker threads.

$ bin/dsconfig set-work-queue-prop \
  --set num-worker-threads:8 \
  --set num-administrative-session-worker-threads:4 \
  --set max-work-queue-capacity:100
Reduce the percentage of JVM memory used for the JE database cache

When you have a memory-constrained environment, you want to ensure that as much of the memory that is there is available for use during processing and not tied up caching database contents.

$ bin/dsconfig set-backend-prop --backend-name userRoot --set db-cache-percent:5
Disable the Dictionary Password Validator

The Dictionary Password Validator takes a lot of memory to hold its dictionary. Disabling it frees up some memory. You can delete the other password validators if not needed, such as Attribute Value, Character Set, Length-based, Repeated Characters, Similarity-based, or Unique Characters Password Validator.By default, the Dictionary Password Validator is referenced by the Secure Password Policy and the Root Password Policy. Therefore, you must first enter the following commands to update the password policies so that they no longer reference the validator.

$ bin/dsconfig set-password-policy-prop --policy-name "Secure Password Policy" --remove password-validator:Dictionary
$ bin/dsconfig set-password-policy-prop --policy-name "Root Password Policy" --remove password-validator:Dictionary

Then, you can disable the Dictionary Password Validator by using the following command.

$ bin/dsconfig delete-password-validator --validator-name Dictionary
Disable the Commonly-Used Passwords Validator

The Commonly-Used Passwords Validator loads a relatively large dictionary of banned passwords into memory. By default, this validator is referenced by the Secure Password Policy and the Root Password Policy. Therefore, you must first enter the following commands to update the password policies so that they no longer reference the validator.

$ bin/dsconfig set-password-policy-prop --policy-name "Secure Password Policy" --remove password-validator:Commonly-Used Passwords
$ bin/dsconfig set-password-policy-prop --policy-name "Root Password Policy" --remove password-validator:Commonly-Used Passwords

Then, you can disable the Commonly-Used Passwords Validator by using the following command.

$ bin/dsconfig delete-password-validator --validator-name Commonly-Used Passwords

There are other items that can be removed, depending on your desired configuration. Contact your authorized support provider for assistance.