In today's highly connected world, directory servers are the IT cornerstone of many businesses. These components of the corporate infrastructure are the foundation of authentication systems for internal, and more commonly, external user populations. Managing a directory server with several hundred internal users is not all that difficult. However, when managing a directory server with several million external users in all 24 time zones throughout the world is a much more daunting task.
IBM Security Directory Server is capable of handling millions of entries given the right architecture, configuration, and performance tuning—tunings that can differ greatly from that of a smaller server with only a few hundred thousand entries. Managing and tuning a directory server of this size requires a change in mindset: No longer can tuning be done after the fact. Tuning and performance must be a focus before the hardware is even ordered. A proactive role must be taken after installation as well, including pre-tuning steps to better interface with other products to make installations and migrations more successful, and regular maintenance to keep the directory well tuned and running smoothly.
This IBM Redpaper is the cumulation of lessons learned in many different real-world environments, including a 24-server fault tolerant configuration with over 300 million entries. The authors have pooled their collective knowledge and resources to provide the most comprehensive performance view possible, from hardware to software, sort heaps to buffer pools, and table cardinalities to explain plans. In large directory server deployments, use this document as an outline on how to get the right fit for your environment.
Table of contents
Chapter 1. Service level objectives and agreements
Chapter 2. Designing your directory for performance
Chapter 3. Does your directory have a cold? Time to do a health check
Chapter 4. Tools to help assist you with your DB2 tuning
Chapter 5. DB2 settings related to LDAP
Chapter 6. Using LDAP_MAXCARD and IBMSLAPD_USE_SELECTIVITY
Chapter 7. Tools and scripts
Chapter 8. RUNSTATS: Why you have to run this
Chapter 9. REORG: When and how you should run this
Chapter 10. LDAP searches and slow operations
Chapter 11. Indexes and direct I/O
Chapter 12. Disk striping and RAID
Chapter 13. Distributed directory
Chapter 14. LDAP replication information
Chapter 15. Adding a new LDAP server to an existing enclave
Appendix A. Special operating system tuning for Directory Server
Appendix B. How to apply fix packs to an LDAP server
Appendix C. DB2 UDB concepts and definitions
Appendix D. DB2 UDB quick reference guide
Appendix E. Directory Server backup and restore methods
Appendix F. Checklist
These pages are Web versions of IBM Redbooks- and Redpapers-in-progress. They are published here for those who need the information now and may contain spelling, layout and grammatical errors.
This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. Your feedback is welcomed to improve the usefulness of the material to others.
IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment.