LDAP system properties for DataStax Enterprise Authentication

-Ddse.ldap.connection.timeout.ms

The number of milliseconds before the connection timesout.

Default:

-Ddse.ldap.retry_interval.ms

Allows you to set the time in milliseconds between subsequent retries when authenticating via an LDAP server.

Default: 10

-Ddse.ldap.pool.min.idle

Finer control over the connection pool for DataStax Enterprise LDAP authentication connector. The min idle settings determines the minimum number of connections allowed in the pool before the evictor thread will create new connections. This setting has no effect if the evictor thread isn’t configured to run.

Default:

-Ddse.ldap.pool.exhausted.action

Determines what the pool does when it is full. It can be one of:

  • fail - the pool with throw an exception

  • block - the pool will block for max wait ms (default)

  • grow - the pool will just keep growing (not recommended)

Default: block

-Ddse.ldap.pool.max.wait

When the dse.ldap.pool.exhausted.action is block, sets the number of milliseconds to block the pool before throwing an exception.

Default:

-Ddse.ldap.pool.test.borrow

Tests a connection when it is borrowed from the pool.

Default:

-Ddse.ldap.pool.test.return

Tests a connection returned to the pool.

Default:

-Ddse.ldap.pool.test.idle

Tests any connections in the eviction loop that are not being evicted. Only works if the time between eviction runs is greater than 0ms.

Default:

-Ddse.ldap.pool.time.between.evictions

Determines the time in ms (milliseconds) between eviction runs. When run with the dse.ldap.pool.test.idle this becomes a basic keep alive for connections.

Default:

-Ddse.ldap.pool.num.tests.per.eviction

Number of connections in the pool that are tested each connection run. If this is set the same as max active (the pool size) then all connections will be tested each eviction run.

Default:

-Ddse.ldap.pool.min.evictable.idle.time.ms

Determines the minimum time in ms (milliseconds) that a connection can sit in the pool before it becomes available for eviction.

Default:

-Ddse.ldap.pool.soft.min.evictable.idle.time.ms

Determines the minimum time in ms (milliseconds) that a connection can sit the pool before it becomes available for eviction with the proviso that the number of connections doesn’t fall below dse.ldap.pool.min.evictable.idle.time.ms.

Default:

Tune LDAP failover

Use the following properties to tune the failover behavior when multiple LDAP servers are specified in dse.yaml.

-Ddse.ldap.failover.retry_count

Number of failover retries.

Default: the number of configured LDAP servers.

-Ddse.ldap.failover.quarantine.opening.threshold

Number of failovers allowed during the opening interval before the LDAP server is added to the quarantine list.

Default: 3

-Ddse.ldap.failover.quarantine.opening.threshold

Opening threshold time in milliseconds.

Default: 10000

-Ddse.ldap.failover.quarantine.close.threshold

Threshold for the number of failures at which an LDAP server will be unquarantined.

When an LDAP server is quarantined, there are still circumstances when it can be used. A server is chosen as follows:

  1. A server is selected which is unquarantined and whose connection pool has idle connections.

  2. If a server is not available, a server is selected which has just been unquarantined.

  3. If no servers meet those criteria, all servers are cycled through in round robin fashion.

The parameter must be at least 1, otherwise once a server is quarantined, it will remain quarantined until the LDAP subsystem is reset or the node is restarted.

Default: 1

-Ddse.ldap.failover.quarantine.close.interval.ms

Closing threshold time in milliseconds.

Default: 10000

Lower -Ddse.ldap.connection.timeout.ms to improve LDAP performance by quarantining servers more quickly.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com