The Entry Balancing Request Processor may be used to distribute entries under a common parent entry among multiple backend sets. A backend set is a collection of replicated Directory Server instances containing an identical portion of the data. Note that the Entry Balancing Request Processor only supports proxying request processors as subordinate request processors.
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The Entry Balancing Request Processor component inherits from the Intermediate Request Processor
The following components have a direct composition relation from Entry Balancing Request Processors:
The properties supported by this managed object are as follows:
| Description | A description for this Request Processor |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this Entry Balancing Request Processor is enabled for use in the Directory Proxy Server. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | Enabling an Entry Balancing Request Processor will cause the Directory Proxy Server to load indexes from backend servers which may take a long time, in which case this tool may take a long time to return and even longer if multiple servers are being updated |
| Description | Specifies the types of operations that this Request Processor may be requested to process. |
| Default Value | abandon add bind compare delete extended modify modify-dn search |
| Allowed Values | abandon - This Request Processor may be used to process abandon operations. add - This Request Processor may be used to process add operations. bind - This Request Processor may be used to process bind operations. compare - This Request Processor may be used to process compare operations. delete - This Request Processor may be used to process delete operations. extended - This Request Processor may be used to process extended operations. modify - This Request Processor may be used to process modify operations. modify-dn - This Request Processor may be used to process modify DN operations. search - This Request Processor may be used to process search operations. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the request processors that will handle the requests received by this Intermediate Request Processor. |
| Default Value | None |
| Allowed Values | The DN of any Request Processor. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the DN of the entry below which the data is balanced. Entries below this node are balanced across multiple backend sets. Entries which are not below this node are duplicated in all the backend sets configured for this Entry Balancing Request Processor. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the percentage of JVM memory to allocate to the global indexes. Specifies the percentage of memory available to the JVM that should be used for the global indexes. |
| Default Value | 70 |
| Allowed Values | An integer value. Lower limit is 1. Upper limit is 90 . |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether an error message should be logged when a potential duplicate value is discovered in the global index. A message is logged when a value is written to the global index referencing a different backend server set to the one previously referenced, which usually indicates that the entry or value exists in multiple backend sets. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies which servers are searched to ensure that an entry to be added does not already exist. When a new entry is to be placed into a backend set, the Directory Proxy Server must search at least one server from each backend set to ensure that the entry does not already exist in a backend set. If a client attempts to add the same entry in quick succession, it may be necessary to search all the servers from each backend set in order to prevent duplicate entries. |
| Default Value | all-servers |
| Allowed Values | one-server - Only one server from each backend set will be searched. all-servers - All servers will be searched in each backend set. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
broadcast-updates-above-balancing-point
| Description | Indicates how update operations are processed for entries above the entry balancing base DN. If this property is set to true, then those update operations are forwarded to a backend server from each of the backend sets. If this property is set to false, then those update operations are forwarded to just one backend server from one of the backend sets. The property should be set to false if the entries above the entry balancing base DN are replicated by the backend servers across all backend sets. If the entry balancing base DN is the same as the subtree view base DN for this request processor then there are no entries above the entry balancing base DN and the value of this property is immaterial. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
rebalancing-queue-maximum-size
| Description | Specifies the maximum number of outstanding entry rebalancing requests that are allowed. This provides a way to throttle the number of entries moved as a result of rebalancing. |
| Default Value | 1000 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
prime-all-indexes (Advanced Property)
| Description | Indicates whether to prime all indexes associated with this request processor, or to only prime the specified set of indexes (as configured by the prime-rdn-index property, and the prime-index property in the global attribute index definition for attribute indexes). |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
prime-rdn-index (Advanced Property)
| Description | Indicates whether to prime the RDN index of the global index. This property is ignored if the prime-all-indexes property is set to true. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
prime-index-source (Advanced Property)
| Description | Specifies the allowed sources of data for index priming and the order in which priming from these sources will be attempted. |
| Default Value | ds |
| Allowed Values | ds - Prime from the backend Directory Server instances. file - Prime from a file stored locally on this Directory Proxy Server instance. Enabling this option is typically not necessary as priming from the backend servers is faster and provides a more recent copy of the data. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
prime-thread-count (Advanced Property)
| Description | Specifies the number of threads to use when priming the global index. |
| Default Value | The default number of threads is equal to the number of backend sets (the number of subordinate request processors defined by this request processor). |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
background-prime (Advanced Property)
| Description | Indicates whether to attempt to perform global index priming in the background. If background priming is enabled, then the Directory Proxy Server may be allowed to accept client connections and process requests while the prime is in progress. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
values-per-stream-response (Advanced Property)
| Description | The maximum number of values the responding server should include per response when responding to a stream values extended request issued by this server. A value equal to zero indicates that the responding server should choose an appropriate value. |
| Default Value | 1000 |
| Allowed Values | An integer value. Lower limit is 0. Upper limit is 2147483647 . |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
authz-attribute (Advanced Property)
| Description | The name of an attribute in user entries which provides the DN of an alternate authorization identity for the user. When the backend server processing a request does not contain the entry of the authenticated user, the Directory Proxy Server will specify an alternate authorization identity in the request whose DN is provided by the value of this attribute from the authenticated user's entry. If there is no such value, or this property is not set, then the value of the authz-dn property will be used instead. |
| Default Value | ds-authz-map-to-dn |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The DN of a default alternate authorization identity to be used when an alternate authorization identity cannot be obtained from the authenticated user's entry. When the backend server processing a request does not contain the entry of the authenticated user, and the authenticated user's entry does not contain a value for the authz-attribute, or the authz-attribute property is not provided, then the Directory Proxy Server will specify this alternate authorization identity in the request. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
rdn-index-size (Advanced Property)
| Description | The maximum number of values the RDN index is expected to hold. If the property is not set, its value will be estimated from the memory given to the global index and the number of indexes configured. This property is used to size the RDN index for best performance. However, it does not set a limit on the number of values that may be in the index. If the size is set too high, there will be less efficient use of available memory (lower density of index values in memory). If the size is set too low, memory will be used efficiently but operations on the index will have lower performance. |
| Default Value | The default size is estimated from the memory given to the global index and the number of indexes configured. |
| Allowed Values | An integer value. Lower limit is 1. Upper limit is 2147483647 . |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The Entry Balancing Request Processor must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
prime-search-entry-per-second (Advanced Property)
| Description | Specifies a target rate at which index priming should be performed from backend directory servers such as DSEE that do not support the stream values operation. A lower target rate may reduce the load on these servers caused by priming. The rate is specified as the number of search entry results accepted per second by this Directory Proxy Server. The Directory Proxy Server tries to achieve the same target rate for each directory server being primed, i.e. it is not a single target rate across all directory servers. |
| Default Value | The rate for search operation priming should not be limited. |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
preferred-failure-result-codes (Advanced Property)
| Description | Specifies an ordered list, from highest to lowest priority, which is used to determine which result code to return when there are conflicting values received from more than one backend server. This list will also be used to determine if the failure should be reported instead of trying additional backend servers. |
| Default Value | 52 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
global-index-update-method-for-deletes (Advanced Property)
| Description | Specifies the method the Directory Proxy Server will use to update the global index for delete operations. When an entry is deleted from a backend set, the Directory Proxy Server may not have the attribute data from the entry needed to update global indexes. Additional methods are available to help maintain the global indexes for this Directory Proxy Server despite this limitation. The pre-read request control option can be used to fetch any needed attribute data during a delete request. This requires all backend servers to add an ACI which enables permission for any client performing delete requests to use the pre-read request control (1.3.6.1.1.13.1). Example ACI: ' (targetcontrol="1.3.6.1.1.13.1")(version 3.0; acl "Authenticated access to the PreRead Request Control"; allow (read) userdn="ldap:///all";)' |
| Default Value | none |
| Allowed Values | none - Only global indexes associated with available attribute data from the deleted entry DN will be updated. pre-read-request-control - The pre-read request control will be used to fetch the needed attribute data during the delete request. This requires all backend servers to add an ACI which enables permission for any client performing delete requests to use the pre-read request control (1.3.6.1.1.13.1). Example ACI: ' (targetcontrol="1.3.6.1.1.13.1")(version 3.0; acl "Authenticated access to the PreRead Request Control"; allow (read) userdn="ldap:///all";)' |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
poll-backend-servers-for-global-index-changes (Advanced Property)
| Description | Indicates whether the Directory Proxy Server should request information about changes processed by servers in each backend set. This can help keep the global index up to date with changes in backend servers that aren't processed through this Directory Proxy Server instance. This is only supported if all backend servers are Ping Identity or Alcatel-Lucent 8661 Directory Server instances with the LDAP changelog enabled. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | This is only supported if all backend servers are Ping Identity or Alcatel-Lucent 8661 Directory Server instances with the LDAP changelog enabled.
For best results in determining any necessary global index updates for delete operations, the changelog should be configured with changelog-deleted-entry-include-attribute to include all attributes maintained in the global index (or just use '*' for all user attributes).
For best results in determining any necessary global index updates for modify and modify DN operations, the changelog should be configured with a nonzero value for changelog-max-before-after-values (ideally, a value large enough for the maximum number of values expected in any attribute held in the global index), and/or a use-reversible-form value of true. |
persist-global-index-frequency (Advanced Property)
| Description | The frequency at which the global index is written out to disk. This property must be defined if the "prime-index-source" property has the value "file". |
| Default Value | None |
| Allowed Values | A duration. Lower limit is 10000 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
persist-global-index-directory (Advanced Property)
| Description | The directory where the global index persistent files are placed. |
| Default Value | global-index |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Request Processors:
dsconfig list-request-processors
[--property {propertyName}] ...
To view the configuration for an existing Request Processor:
dsconfig get-request-processor-prop
--processor-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Request Processor:
dsconfig set-request-processor-prop
--processor-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Entry Balancing Request Processor:
dsconfig create-request-processor
--processor-name {name}
--type {type}
--set subordinate-request-processor:{propertyValue}
--set entry-balancing-base-dn:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Request Processor:
dsconfig delete-request-processor
--processor-name {name}