IDM apps ldap connections
I upgraded IDM from 4.7.x to 184.108.40.206 a couple of weeks ago and now I am seeing many more LDAP connections from the user apps (with SSPR) to eDirectory. I have had to restart Tomcat after it hit the max open file limit for novlua (4096) due to the LDAP connections. Has anyone noticed something similar? Has anyone changed the com.novell.ldap.timeout from the default of 600000? Are there other settings that need to be changed?
Here is a screenshot of the active TCP connections on one server. The vast majority are LDAPS connections.
The upgrade was done 12/19, where you start to see more time_waits. Today has been pretty steady around 2000 connections, but that is quite a bit more than previously. Is this an issue to fix or should I just increase the max open file limits?
I am still seeing more connections than before. This is the other server:
I will probably up the max open files so that it doesn't crash.
How much JVM memory are people running with? I have non-prod set to 2 GB and prod set to 3 GB. With a weekly restart, non-prod seems to be having some memory issues. I have a daily restart for production and that seems OK. It feels like 4.8 takes more memory thus far. I haven't found any best practices around how much memory IDM apps requires. We have around 2000 roles, 25k users, and just a handful of workflows. The SOAP API is used pretty heavily by a custom management app and I think that may be part of the memory issues.
In the last couple of 4.8 builds, the workflow engine, which used to be part of IDMProv.war, is now carved out into workflow.war. And then for the SOAP functions, there is some kind of bridge between the two, since the SOAP endpoints remain in IDMProv, but they get translated into REST (with occasional missed bugs) that gets sent to Workflow, to then come back as SOAP.