Vice Admiral

IDM apps ldap connections

Hello,

I upgraded IDM from 4.7.x to 4.8.2.1 a couple of weeks ago and now I am seeing many more LDAP connections from the user apps (with SSPR) to eDirectory. I have had to restart Tomcat after it hit the max open file limit for novlua (4096) due to the LDAP connections. Has anyone noticed something similar? Has anyone changed the com.novell.ldap.timeout from the default of 600000? Are there other settings that need to be changed?

Here is a screenshot of the active TCP connections on one server. The vast majority are ldaps connections.

[Screenshot: Annotation 2021-01-04 161734.jpg]

 

The upgrade was done 12/19, where you start to see more time_waits.  Today has been pretty steady around 2000 connections, but that is quite a bit more than previously.  Is this an issue to fix or should I just increase the max open file limits?

Thanks,
Jeremiah

 

2 Replies
Vice Admiral

I am still seeing more connections than before. This is the other server:

[Screenshot: Annotation 2021-01-12 110611.jpg]

I will probably up the max open files so that it doesn't crash.

 

How much JVM memory are people running with?  I have non-prod set to 2gb and prod set to 3gb.  With a weekly restart non-prod seems to be having some memory issues.  I have a daily restart for production and that seems ok.  It feels like 4.8 takes more memory thus far.  I haven't found any best practices around how much IDM apps requires.  We have around 2000 roles, 25k users, and just a handful of workflows.  The SOAP API is used pretty heavily by a custom management app and I think that may be part of the memory issues.

Thanks,
Jeremiah

 

Knowledge Partner

In the last couple of 4.8 builds, the workflow engine, which used to be part of IDMProv.war, is now carved out into workflow.war. And then for the SOAP functions, there is some kind of bridge between the two, since the SOAP endpoints remain in IDMProv, but they get translated into REST (with occasional missed bugs) that gets sent to Workflow, to then come back as SOAP.

 
