Unable to authenticate errors - SLAPD: Increasing thread pool used to process LDAP operations through the thread configuration parameter.

Document ID : KB000055385
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When a command is sent to eTrust Admin Server (SLAPD) which is intended for a managed z/OS endpoint, the eTrust Admin Server backend will perform a second bind to SLAPD in order to direct the request to the appropriate z/OS backend.

If a heavy load of z/OS bound requests is being placed on the Admin Server, it is possible that the number of available threads to process LDAP operations will become exhausted, resulting in "Unable to authenticate" errors being returned.

Solution:

The threads configuration parameter controls the size of the pool of threads used to process LDAP operations.

The parameter is located in the eta_slapd.conf and eta_connector.conf files under %ETAHOME%\Data folder

The default value for this parameter is 200.

Depending on the server and its available resources, performance may be improved by either lowering or raising this default value.

Be aware that a too high value may cause resource exhaustion and/or significant resource contention.

Increasing this value may alleviate the "Unable to authenticate" errors generated when placing large number of z/OS bound requests to the Admin Server.

lternatively, building a delay in the inbound traffic can also be used to throttle the load placed on SLAPD.