There are two main parameters for enabling caching. They can be found on the configuration page for each Security Manger.
Only Security Managers using the MLDAP ESM Module currently make use of these values. The two parameters are:
- Cache TTL
- This determines how long, in seconds, a cache entry will be kept. When a cache entry is stored longer than this time, it is
ignored and removed from the cache when space is required for a new entry. This setting can be used to ensure that any expired
result can only last for the given amount of time, and that old results are discarded to make way for new ones.
- Cache limit
- This is the approximate size, in kB, of the cache for each process. Because LDAP search results vary widely in size, based
on the search parameters and number of results which, for many searches depends on your organization's security configuration.
It is not possible to predict how many entries will fit into the cache at any time. Instead, the cache limit should strike
a balance between large enough to be useful, but not so large that it strains process or system resources or causes high overhead
in searching or updating the cache.
The best values for these parameters depend on your particular application mix. If your applications use many different Mainframe
Subsystem Support (MSS) resources, or you have many users, user groups, or resource access rules, they may benefit from a
larger cache, but larger caches also take longer to search.
The
Cache TTL should be set relatively high if you want caching to be effective for processes that run relatively infrequently, such as
less-active SEPs. Balanced with your tolerance for the duration an Enterprise Server can be allowed to use out-of-date security
information.
Note: In some cases, cache entries are automatically discarded. See
Understanding LDAP Caching for more information.
A 16 KB cache limit and 300-second TTL are typically a good starting point.