Using the entry cache to improve the performance of large static groups
The PingDirectory server provides an entry cache implementation, which allows for fine-grained control over entries that are held in the cache.
You can define filters to specify the entries included in or excluded from the cache, and you can restrict the cache so that it holds only entries with at least a specified number of values for a given set of attributes.
For most circumstances, use the PingDirectory server without an entry cache. In most cases, the server efficiently retrieves and decode entries from the database. The database cache is more space-efficient than the entry cache, and heavy churn in the entry cache can adversely impact garbage collection behavior.
Entry caches with large static groups
If the PingDirectory server contains large static groups, such as those containing thousands or millions of members, and clients need to frequently retrieve or otherwise interact with these groups, enable an entry cache that holds only large static groups.
In servers containing large static groups, define an entry cache to hold only those large static groups. To define this entry cache, include a filter that matches only group entries, as shown in the following example.
(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfEntries))
The filter contains a minimum value count so that only groups with a large number of members, such as those with at least 100 member
or uniqueMember
values are included. By default, the PingDirectory server entry cache implementation with these settings is disabled. To use this implementation, you must enable these settings.
Enabling the entry cache
Steps
-
To enable the entry cache, use the
dsconfig
tool.Example:
$ bin/dsconfig set-entry-cache-prop --cache-name "Static Group Entry Cache" \ --set enabled:true
Creating your own entry cache for large groups
Steps
-
To create your own entry cache for large groups, use the
dsconfig create-entry-cache
subcommand.Example:
# bin/dsconfig create-entry-cache --type fifo \ --set enabled:true \ --set cache-level:10 \ --set max-entries:175000 \ --set "include-filter:(objectClass=groupOfUniqueNames)" \ --set min-cache-entry-value-count:10000 \ --set min-cache-entry-attribute:uniquemember
Monitoring the entry cache
Steps
-
To monitor the memory consumed by your entry cache, use the
entry-cache-info
property in the periodic stats logger.-
To retrieve the monitor entry over LDAP, issue a search on
baseDN="cn=monitor"
usingfilter="(objectClass=ds-fifo-entry-cache-monitor-entry)"
.By default, the entry cache memory is set to 75% with a maximum of 90%.
Example:
dn: cn=Static Group Entry Cache Monitor,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-fifo-entry-cache-monitor-entry objectClass: extensibleObject cn: Static Group Entry Cache Monitor cacheName: Static Group Entry Cache entryCacheHits: 6416407 entryCacheTries: 43069073 entryCacheHitRatio: 14 maxEntryCacheSize: 12723879900 currentEntryCacheCount: 1 maxEntryCacheCount: 175000 entriesAddedOrUpdated: 1 evictionsDueToMaxMemory: 0 evictionsDueToMaxEntries: 0 entriesNotAddedAlreadyPresent: 0 entriesNotAddedDueToMaxMemory: 0 entriesNotAddedDueToFilter: 36652665 entriesNotAddedDueToEntrySmallness: 0 lowMemoryOccurrences: 0 percentFullMaxEntries: 0 jvmMemoryMaxPercentThreshold: 75 jvmMemoryCurrentPercentFull: 24 jvmMemoryBelowMaxMemoryPercent: 51 isFull: false capacityDetails: NOT FULL: The JVM is using 24% of its available memory. Entries can be added to the cache until the overall JVM memory usage reaches the configured limit of 75%. Cache has 174999 remaining entries before reaching the configured limit of 175000.
-