Adaptive Server version 12.5.4 introduces a number of new sp_ldapadmin options to enhance robustness.
Maximum ldapua native threads per engine
set_max_ldapua_native_threads sets the maximum number of native threads that can be running concurrently in an engine processing an LDAP authentication request.
sp_ldapadmin 'set_max_ldapua_native_threads', 'an integer'
The minimum value of set_max_ldapua_native_threads is 1. The maximum value is max native threads minus number of dump threads as specified using sp_configure. The default value is the same as the maximum value.
sp_configure ensures that max native threads is sufficient for set_max_ldapua_native_threads and the value of the configuration parameter number of dump threads.
LDAP request timeout
set_timeout sets the time in milliseconds that Adaptive Server waits for a response from the LDAP server before abandoning the authentication request.
You can set this option by entering:
sp_ldapadmin 'set_timeout', 'time_in_milli_seconds'
The default value for set_timeout is 10,000 milliseconds (10 seconds). Valid values are between 1 and 3,600,000 (one hour).
Abandon LDAP authentication when full
set_abandon_ldapua_when_full allows you to seek alternative means of LDAP user authentication when the native threads per engine capacity is exceeded.
When no more threads are available, the request is abandoned if set_abandon_ldapua_when_full is set to true. If enable ldap user auth is set to 1, the client is authenticated using Adaptive Server syslogins. If enable ldap user auth is set to 2, the client login fails.
If set_abandon_ldapua_when_full is set to false, the authentication request is blocked until the LDAP descriptor can accept new authentication requests.
To set set_abandon_ldapua_when_full, enter:
sp_ldapadmin 'set_abandon_ldapua_when_full', 'true | false'
The default value is false. Valid values are true and false.
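
The three options above interact when the LDAP server is slow. The following Python model is an added example, not Sybase code: the single-engine FIFO model, the function name simulate, the outcome labels and the sample login burst are assumptions made for illustration. The page does not say what a login sees after a timeout, so the model only records it as timed_out.

```python
import heapq

def simulate(requests, max_threads, timeout_ms, abandon_when_full, ldap_user_auth):
    """Model one engine. requests: (arrival_ms, ldap_response_ms), sorted by arrival.
    Returns one (outcome, wait_ms) pair per login attempt."""
    busy = []      # min-heap: time at which each in-use native thread frees up
    results = []
    for arrival, response in requests:
        while busy and busy[0] <= arrival:       # release finished threads
            heapq.heappop(busy)
        start = arrival
        if len(busy) >= max_threads:             # per-engine capacity exceeded
            if abandon_when_full:
                # enable ldap user auth: 1 falls back to syslogins, 2 fails the login
                outcome = "syslogins" if ldap_user_auth == 1 else "login_failed"
                results.append((outcome, 0))
                continue
            start = heapq.heappop(busy)          # blocked until a thread frees up
        if response > timeout_ms:                # set_timeout: request is abandoned
            heapq.heappush(busy, start + timeout_ms)
            results.append(("timed_out", start - arrival))
        else:
            heapq.heappush(busy, start + response)
            results.append(("ldap", start - arrival))
    return results

# Constructed sample: two logins hit a stalled LDAP server (15 s), three follow.
BURST = [(0, 15000), (10, 15000), (20, 200), (30, 200), (40, 200)]

if __name__ == "__main__":
    for label, args in [
        ("abandon, auth=1", (10000, True, 1)),
        ("abandon, auth=2", (10000, True, 2)),
        ("block, 10 s timeout", (10000, False, 2)),
        ("block, 1 s timeout", (1000, False, 2)),
    ]:
        print(label, simulate(BURST, 2, *args))
```

With set_abandon_ldapua_when_full set to true, the value of enable ldap user auth decides whether saturated threads move logins onto syslogins passwords (1) or fail them (2); with it set to false, set_timeout bounds how long the queued logins wait.
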
LDAP descriptors per engine
The login sequence of searched DN algorithm requires Adaptive Server to bind to the LDAP server using the access account before it can perform searches. Adaptive Server obtains an LDAP descriptor (handle) as a result of the bind. This descriptor is used for searching the DN of the login on the LDAP server.
In Adaptive Server versions earlier than 12.5.4, there was only one descriptor per engine. While this descriptor was being used to perform a search by an incoming connection, other connections waited for the descriptor to become available. Adaptive Server version 12.5.4 can open up to 20 descriptors per engine. This provides improved concurrency and login performance.
For information about the searched DN algorithm, see “Searched DN algorithm”.