Performance tuning on OID - Consolidated Details
OID_Perf_Reco_1: Set DSA config to skip referrals
This is applicable when there are no referrals setup in OID.
By default this capability IS ENABLED and severely impacts performance when large groups (>200K) or large number of nested groups are involved.
Definition: A referral is a special type of entry that when obtained in a search, it contains the location of the actual entry, which could be in another part of the directory tree or even in another ldap server altogether. Unless you have specifically set-up referrals you most likely do not have any.
Confirm, there is no "Referrals" in place in OID:
ldapsearch -h mkkoidserver1 -p XXXX -D "cn=orcladmin" -w "xxxxxxxxxxxxx" -s sub -b "" objectclass=referral
If this doesn't return any rows then, there are no referrals in place.
Set the value of orclskiprefinsql in DSA config, to 1. This would make DSA config to skip referrals.
ldapmodify -h mkkoidserver1 -p XXXX -D cn=orcladmin -w xxxxxxxxxxxxx << eof
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclskiprefinsql
orclskiprefinsql: 1
eof
OID_Perf_Reco_2: orclinmemfiltprocess is very expensive on Oracle Database
This attribute can help significantly with the performance of certain types of search operations. It has been identified to be particularly useful with OAM, as some of the searches OAM performs can be especially expensive in the database without the use of "orclinmemfiltprocess".
ldapmodify -h mkkoidserver1 -p XXXX -D "cn=orcladmin" -w "xxxxxxxxxxxxx" -v <EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclinmemfiltprocess
orclinmemfiltprocess:(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=activated))
orclinmemfiltprocess:(|(obuseraccountcontrol=activated)(!(obuseraccountcontrol=*)))
orclinmemfiltprocess:(obapp=groupservcenter)(!(obdynamicparticipantsset=*))
orclinmemfiltprocess:(objectclass=oblixworkflowinstance)
orclinmemfiltprocess:(objectclass=inetorgperson)
orclinmemfiltprocess:(objectclass=oblixorgperson)
orclinmemfiltprocess:(objectclass=oblixworkflowstepinstance)
EOF
For OID 11g it should come as default, cross check and apply, it it applicable for you.
OID_Perf_Reco_3: Run oidstats.sql Regularly as part of daily housekeeping/maintenance
Run oidstats.sql any-time large updates are made to the OID. For large Active Directories, where changes are very frequent, and AD to OID to synchronisation is enabled, this is a very good option to perform on regular basis.
. $HOME/oidenv.sh
cd $MW_HOME/Oracle_IDM1/ldap/admin
sqlplus ods/xxxxxxxxxxxxx@OIDDB
START oidstats.sql;
Remove Dangling DNs: http://mkkoracleapps.blogspot.co.uk/2013/10/remove-dangling-dns-from-oid.html
OID_Perf_Reco_1: Set DSA config to skip referrals
This is applicable when there are no referrals setup in OID.
By default this capability IS ENABLED and severely impacts performance when large groups (>200K) or large number of nested groups are involved.
Definition: A referral is a special type of entry that when obtained in a search, it contains the location of the actual entry, which could be in another part of the directory tree or even in another ldap server altogether. Unless you have specifically set-up referrals you most likely do not have any.
Confirm, there is no "Referrals" in place in OID:
ldapsearch -h mkkoidserver1 -p XXXX -D "cn=orcladmin" -w "xxxxxxxxxxxxx" -s sub -b "" objectclass=referral
If this doesn't return any rows then, there are no referrals in place.
Set the value of orclskiprefinsql in DSA config, to 1. This would make DSA config to skip referrals.
ldapmodify -h mkkoidserver1 -p XXXX -D cn=orcladmin -w xxxxxxxxxxxxx << eof
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclskiprefinsql
orclskiprefinsql: 1
eof
OID_Perf_Reco_2: orclinmemfiltprocess is very expensive on Oracle Database
This attribute can help significantly with the performance of certain types of search operations. It has been identified to be particularly useful with OAM, as some of the searches OAM performs can be especially expensive in the database without the use of "orclinmemfiltprocess".
ldapmodify -h mkkoidserver1 -p XXXX -D "cn=orcladmin" -w "xxxxxxxxxxxxx" -v <EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclinmemfiltprocess
orclinmemfiltprocess:(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=activated))
orclinmemfiltprocess:(|(obuseraccountcontrol=activated)(!(obuseraccountcontrol=*)))
orclinmemfiltprocess:(obapp=groupservcenter)(!(obdynamicparticipantsset=*))
orclinmemfiltprocess:(objectclass=oblixworkflowinstance)
orclinmemfiltprocess:(objectclass=inetorgperson)
orclinmemfiltprocess:(objectclass=oblixorgperson)
orclinmemfiltprocess:(objectclass=oblixworkflowstepinstance)
EOF
For OID 11g it should come as default, cross check and apply, it it applicable for you.
OID_Perf_Reco_3: Run oidstats.sql Regularly as part of daily housekeeping/maintenance
Run oidstats.sql any-time large updates are made to the OID. For large Active Directories, where changes are very frequent, and AD to OID to synchronisation is enabled, this is a very good option to perform on regular basis.
. $HOME/oidenv.sh
cd $MW_HOME/Oracle_IDM1/ldap/admin
sqlplus ods/xxxxxxxxxxxxx@OIDDB
START oidstats.sql;
Remove Dangling DNs: http://mkkoracleapps.blogspot.co.uk/2013/10/remove-dangling-dns-from-oid.html