How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure pooled connections for a connector in IDM (All versions)?

Last updated Jan 19, 2023

The purpose of this article is to provide information on configuring pooled connections for a connector in IDM. This information applies to all poolable connectors (such as the LDAP connector). Poolable connectors create another instance of the connection if one is not available when it needs to do an operation or if it needs to do multiple operations in parallel. Increasing the number of connector instances in the connection pool can improve reconciliation performance.

Configuring pooled connections

You can configure the settings used for pooled connections in your provisioner configuration file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/idm/conf directory.

This file has a poolConfigOption section, with default settings as follows:

"poolConfigOption" : {        "maxObjects" : 10,         "maxIdle" : 10,         "maxWait" : 150000,         "minEvictableIdleTimeMillis" : 120000,         "minIdle" : 1     }

You can amend these settings as needed to configure how the pooled connections are used, where:

Setting Description
maxObjects The maximum number of connector instances permitted in the pool (total active and idle connections).
maxIdle The maximum number of idle connector instances allowed in the pool.
maxWait The maximum time (in milliseconds) that the pool waits for a connector instance to become available before timing out.
minEvictableIdleTimeMillis

In IDM 7 and later, a connection pool cleaner thread runs every minute and removes connections where the lastUsed time is larger than the minEvictableIdleTimeMillis. As such, the description for this setting varies between versions:

  • IDM 7 and later: The minimum period to wait (in milliseconds) before evicting an idle connector instance from the pool.
  • IDM 6.x: The maximum time, in milliseconds, that an object can be idle before it is removed. A value of 0 means that there is no idle timeout.

The default is 120000ms (2 minutes).
minIdle The minimum number of idle connector instances allowed in the pool. Once the idle timeout is reached, idle connector instances are removed from the pool to bring the number of connector instances available down to the minIdle value. For example, if you set minIdle to 0, the pool is emptied of idle connector instances when the idle timeout is reached.

You should bear the following in mind when adjusting these settings:

  • You should ensure maxObjects and maxIdle are always set to the same value to allow pooling to work efficiently and prevent excessive CPU usage. Failure to use the same value will cause excessive churn within the connector instance pool and cause an excessive number of new connections to be established.
  • You can increase maxObjects and maxIdle to increase the number of connector instances available. You should experiment to determine the best settings for your setup; a good starting point is to double these values to 20.
  • You should also increase the number of recontask threads as the number of connector instances increase. You can do this by increasing the value of the taskThreads property in the sync.json file to a value other than the default of 10. See Parallel reconciliation threads for further information.

See Also

Long delays when syncing changes to IDM (All versions) using the LDAP connector

How do I identify reconciliation performance issues in IDM (All versions)?

Configure connectors

Connection pooling configuration

Related Training

ForgeRock Identity Management Deep Dive (IDM-420)

Related Issue Tracker IDs

N/A
Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.