How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure pooled connections for a connector in IDM (All versions)?

Last updated Apr 8, 2021

The purpose of this article is to provide information on configuring pooled connections for a connector in IDM. This information applies to all poolable connectors (such as the LDAP connector). Poolable connectors create another instance of the connection if one is not available when it needs to do an operation or if it needs to do multiple operations in parallel. Increasing the number of connector instances in the connection pool can improve reconciliation performance.


Configuring pooled connections

You can configure the settings used for pooled connections in your provisioner configuration file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/idm/conf directory.

This file has a poolConfigOption section, with default settings as follows:

"poolConfigOption" : {        "maxObjects" : 10,         "maxIdle" : 10,         "maxWait" : 150000,         "minEvictableIdleTimeMillis" : 120000,         "minIdle" : 1     }

You can amend these settings as needed to configure how the pooled connections are used, where:

Setting Description
maxObjects The maximum number of instances permitted in the pool (total active and idle connections).
maxIdle The maximum number of idle instances allowed in the pool.
maxWait The maximum time (in milliseconds) that the pool waits for an instance to become available before timing out.
minEvictableIdleTimeMillis

In IDM 7 and later, a connection pool cleaner thread runs every minute and removes connections whose lastUsed time is larger than the minEvictableIdleTimeMillis. As such, the description for this setting varies between versions:

  • IDM 7 and later: The minimum period to wait (in milliseconds) before evicting an idle connector instance from the pool.
  • Pre-IDM 7: The maximum time, in milliseconds, that an object can be idle before it is removed. A value of 0 means that there is no idle timeout.

The default is 120000ms (2 minutes).

minIdle The minimum number of idle instances allowed in the pool. Once the idle timeout is reached, idle instances will be removed from the pool to bring the number of instances available down to the minIdle value. For example, if you set minIdle to 0, the pool would be emptied of idle instances when the idle timeout is reached.

You should bear the following in mind when adjusting these settings:

  • You should ensure maxObjects and maxIdle are always set to the same value to allow pooling to work efficiently and prevent excessive CPU usage. Failure to use the same value will cause excessive churn within the connector instance pool and cause an excessive number of new connections to be established.
  • You can increase maxObjects and maxIdle to increase the number of connector instances available. You should experiment to determine the best settings for your setup; a good starting point is to double these values to 20.
  • You should also increase the number of recontask threads as the number of connector instances increase. You can do this by increasing the value of the taskThreads property in the sync.json file to a value other than the default of 10. See Synchronization Guide › Running Parallel Reconciliation Threads for further information.

See Also

How do I identify reconciliation performance issues in IDM (All versions)?

Connectors Guide › Configure Connectors

Connectors Guide › Connection Pooling Configuration

Related Training

ForgeRock Identity Management Core Concepts (IDM-400)

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.