3.4. Database Plug-in Attributes

The database plug-in is also organized in an information tree, as shown in Figure 3.1, “Database Plug-in”.

Figure 3.1. Database Plug-in

All plug-in technology used by the database instances is stored in the cn=ldbm database plug-in node. This section presents the additional attribute information for each of the nodes in bold in the cn=ldbm database, cn=plugins, cn=config information tree.

3.4.1. Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config

This section covers global configuration attributes common to all instances, which are stored in the cn=config, cn=ldbm database, cn=plugins, cn=config tree node.

3.4.1.1. nsLookthroughLimit

This performance-related attribute specifies the maximum number of entries that the Directory Server will check when examining candidate entries in response to a search request. The Directory Manager DN, however, is unlimited by default and overrides any other settings specified here. Binder-based resource limits apply to this limit: if a value for the operational attribute nsLookthroughLimit is present in the entry that a user binds as, the default limit is overridden. Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message with additional error information explaining the problem.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range -1 to maximum 32-bit integer in entries (where -1 is unlimited)
Default Value 5000
Syntax Integer
Example nsLookthroughLimit: 5000

3.4.1.2. nsslapd-idlistscanlimit

This performance-related attribute, present by default, specifies the number of entry IDs that are searched during a search operation. Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message, with additional error information explaining the problem.

It is advisable to keep the default value to improve search performance. For a more detailed explanation of the effect of ID lists on search performance, refer to the "Managing Indexes" chapter in the Directory Server Administration Guide.

The server has to be restarted for changes to this attribute to go into effect.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 100 to the maximum 32-bit integer value (2147483647) entry IDs
Default Value 4000
Syntax Integer
Example nsslapd-idlistscanlimit: 4000

3.4.1.3. nsslapd-cache-autosize

This performance tuning-related attribute, which is turned off by default, specifies the percentage of free memory to use for all the combined caches. For example, if the value is set to 80, then 80 percent of the remaining free memory would be claimed for the cache. To run other servers on the machine, set the value lower. Setting the value to 0 turns off the cache autosizing and uses the normal nsslapd-cachememsize and nsslapd-dbcachesize attributes.

NOTE

If the nsslapd-cache-autosize attribute and nsslapd-cache-autosize-split attribute are both set to high values, such as 100, then the Directory Server may fail to start and return an error message. To fix this issue, reset the nsslapd-cache-autosize and nsslapd-cache-autosize-split attributes to a more reasonable level. For example:

nsslapd-cache-autosize: 60
nsslapd-cache-autosize-split: 60

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 (turns cache autosizing off) to 100
Default Value -1
Syntax Integer
Example nsslapd-cache-autosize: 80

3.4.1.4. nsslapd-cache-autosize-split

This performance tuning-related attribute specifies the percentage of cache space to allocate to the database cache. For example, setting this to 60 would give the database cache 60 percent of the cache space and split the remaining 40 percent between the backend entry caches. That is, if there were two databases, each of them would receive 20 percent. This attribute only applies when the nsslapd-cache-autosize attribute has a value of 0.

NOTE

If the nsslapd-cache-autosize attribute and nsslapd-cache-autosize-split attribute are both set to high values, such as 100, then the Directory Server may fail to start and return an error message. To fix this issue, reset the nsslapd-cache-autosize and nsslapd-cache-autosize-split attributes to a more reasonable level. For example:

nsslapd-cache-autosize: 60
nsslapd-cache-autosize-split: 60

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to 99
Default Value 50 (This will not necessarily optimize operations.)
Syntax Integer
Example nsslapd-cache-autosize-split: 50

3.4.1.5. nsslapd-dbcachesize

This performance tuning-related attribute specifies the database index cache size, and is one of the most important values for controlling how much physical RAM the directory server uses.

This is not the entry cache. This is the amount of memory the Berkeley database backend will use to cache the indexes (the .db4 files) and other files. This value is passed to the Berkeley DB API function set_cachesize. If automatic cache resizing is activated, this attribute is overridden when the server replaces these values with its own guessed values at a later stage of the server startup. For more technical information on this attribute, see the cache size section of the Berkeley DB reference guide.

Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message with additional error information explaining the problem.

The server has to be restarted for changes to this attribute to go into effect.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 500 kilobytes to 4 gigabytes for 32-bit platforms and 500 kilobytes to 2^64-1 for 64-bit platforms
Default Value 10000000 bytes
Syntax Integer
Example nsslapd-dbcachesize: 10,000,000

NOTE

On Solaris, the nsslapd-dbcachesize attribute has no effect on performance because the disk/filesystem cache overrides it.

3.4.1.6. nsslapd-db-checkpoint-interval

This sets the amount of time in seconds after which the Directory Server sends a checkpoint entry to the database transaction log. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. A checkpoint entry indicates which database operations have been physically written to the directory database. The checkpoint entries are used to determine where in the database transaction log to begin recovery after a system failure. The nsslapd-db-checkpoint-interval attribute is absent from dse.ldif. To change the checkpoint interval, add the attribute to dse.ldif. This attribute can be dynamically modified using ldapmodify. For further information on modifying this attribute, see the "Tuning Directory Server Performance" chapter in the Directory Server Administration Guide.

This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat technical support or Red Hat professional services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.

For more information on database transaction logging, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 10 to 300 seconds
Default Value 60
Syntax Integer
Example nsslapd-db-checkpoint-interval: 120

3.4.1.7. nsslapd-db-circular-logging

This attribute specifies circular logging for the transaction log files. If this attribute is switched off, old transaction log files are not removed and are kept renamed as old log transaction files. Turning circular logging off can severely degrade server performance and, as such, should only be modified with the guidance of Red Hat Technical Support or Red Hat Professional Services.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value on
Syntax DirectoryString
Example nsslapd-db-circular-logging: on

3.4.1.8. nsslapd-db-debug

This attribute specifies whether additional error information is to be reported to Directory Server. To report error information, set the parameter to on. This parameter is meant for troubleshooting; enabling the parameter may slow down the Directory Server.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example nsslapd-db-debug: off

3.4.1.9. nsslapd-db-durable-transactions

This attribute sets whether database transaction log entries are immediately written to the disk. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. With durable transactions enabled, every directory change will always be physically recorded in the log file and, therefore, able to be recovered in the event of a system failure. However, the durable transactions feature may also slow the performance of the Directory Server. When durable transactions is disabled, all transactions are logically written to the database transaction log but may not be physically written to disk immediately. If there were a system failure before a directory change was physically written to disk, that change would not be recoverable. The nsslapd-db-durable-transactions attribute is absent from dse.ldif. To disable durable transactions, add the attribute to dse.ldif.

This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat Technical Support or Red Hat Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.

For more information on database transaction logging, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value on
Syntax DirectoryString
Example nsslapd-db-durable-transactions: on

3.4.1.10. nsslapd-db-home-directory

This is usually applicable to Solaris only, and is used to fix a situation in Solaris where the operating system endlessly flushes pages. This flushing can be so excessive that performance of the entire system is severely degraded.

For users of other systems, to move the database to another physical location for performance reasons, use this parameter to specify the home directory.

This situation will occur only for certain combinations of the database cache size, the size of physical memory, and kernel tuning attributes. In particular, this situation should not occur if the database cache size is less than 100 megabytes.

If the Solaris host seems excessively slow and the database cache size is around 100 megabytes or more, then use the iostat utility to diagnose the problem by monitoring the activity of the disk where the Directory Server's database files are stored. There are three conditions required before resetting the nsslapd-db-home-directory attribute:

  • The disk is heavily used (more than 1 megabyte per second of data transfer).

  • There is a long service time (more than 100ms).

  • There is mostly write activity.

If these are all true, use the nsslapd-db-home-directory attribute to specify a subdirectory of a tempfs type filesystem.

The directory referenced by the nsslapd-db-home-directory attribute must be a subdirectory of a filesystem of type tempfs (such as /tmp). However, Directory Server does not create the subdirectory referenced by this attribute. This directory must be created either manually or by using a script. Failure to create the directory referenced by the nsslapd-db-home-directory attribute will result in Directory Server being unable to start.

Also, if there are multiple Directory Servers on the same machine, their nsslapd-db-home-directory attributes must be configured with different directories. Failure to do so will result in the databases for both directories becoming corrupted.

The use of this attribute causes internal Directory Server database files to be moved to the directory referenced by the attribute. It is possible, but unlikely, that the server will no longer start after the files have been moved because not enough memory can be allocated. This is a symptom of an overly large database cache size being configured for the server. If this happens, reduce the size of the database cache size to a value where the server will start again.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid directory name in a tempfs filesystem, such as /tmp
Default Value
Syntax DirectoryString
Example nsslapd-db-home-directory: /tmp/slapd-phonebook

3.4.1.11. nsslapd-db-idl-divisor

This attribute specifies the index block size in terms of the number of blocks per database page. The block size is calculated by dividing the database page size by the value of this attribute. A value of 1 makes the block size exactly equal to the page size. The default value of 0 sets the block size to the page size minus an estimated allowance for internal database overhead. For the majority of installations, the default value should not be changed unless there are specific tuning needs.

Before modifying the value of this attribute, export all databases using the db2ldif script. Once the modification has been made, reload the databases using the ldif2db script.

CAUTION

This parameter should only be used by very advanced users.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to 8
Default Value 0
Syntax Integer
Example nsslapd-db-idl-divisor: 2

3.4.1.12. nsslapd-db-logbuf-size

This attribute specifies the log information buffer size. Log information is stored in memory until the buffer fills up or the transaction commit forces the buffer to be written to disk. Larger buffer sizes can significantly increase throughput in the presence of long running transactions, highly concurrent applications, or transactions producing large amounts of data. The log information buffer size is the transaction log size divided by four.

The nsslapd-db-logbuf-size attribute is only valid if the nsslapd-db-durable-transactions attribute is set to on.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 32K to maximum 32-bit integer (limited to the amount of memory available on the machine)
Default Value 32K
Syntax Integer
Example nsslapd-db-logbuf-size: 32K

3.4.1.13. nsslapd-db-logdirectory

This attribute specifies the path and directory name of the directory containing the database transaction log. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. By default, the database transaction log is stored in the same directory as the directory entries themselves, /var/lib/dirsrv/slapd-instance_name/db. For fault-tolerance and performance reasons, move this log file to another physical disk. The nsslapd-db-logdirectory attribute is absent from dse.ldif. To change the location of the database transaction log, add the attribute to dse.ldif.

For more information on database transaction logging, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid path and directory name
Default Value
Syntax DirectoryString
Example nsslapd-db-logdirectory: /logs/txnlog

3.4.1.14. nsslapd-db-logfile-size

This attribute specifies the maximum size of a single file in the log in bytes. By default, or if the value is set to 0, a maximum size of 10 megabytes is used. The maximum size is an unsigned 4-byte value.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to unsigned 4-byte integer
Default Value 10MB
Syntax Integer
Example nsslapd-db-logfile-size: 10 MB

3.4.1.15. nsslapd-db-page-size

This attribute specifies the size of the pages used to hold items in the database in bytes. The minimum size is 512 bytes, and the maximum size is 64 kilobytes. If the page size is not explicitly set, Directory Server defaults to a page size of 8 kilobytes. Changing this default value can have a significant performance impact. If the page size is too small, it results in extensive page splitting and copying, whereas if the page size is too large it can waste disk space.

Before modifying the value of this attribute, export all databases using the db2ldif script. Once the modification has been made, reload the databases using the ldif2db script.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 512 bytes to 64 kilobytes
Default Value 8KB
Syntax Integer
Example nsslapd-db-page-size: 8KB

3.4.1.16. nsslapd-db-spin-count

This attribute specifies the number of times that test-and-set mutexes should spin without blocking.

CAUTION

Never touch this value unless you are very familiar with the inner workings of Berkeley DB or are specifically told to do so by Red Hat support.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to 2^31-1
Default Value 0
Syntax Integer
Example nsslapd-db-spin-count: 0

3.4.1.17. nsslapd-db-transaction-batch-val

This attribute specifies how many transactions will be batched before being committed. This attribute can improve update performance when full transaction durability is not required. This attribute can be dynamically modified using ldapmodify. For further information on modifying this attribute, refer to the "Tuning Directory Server Performance" chapter in the Directory Server Administration Guide.

WARNING

Setting this value will reduce data consistency and may lead to loss of data. This is because if there is a power outage before the server can flush the batched transactions, those transactions in the batch will be lost.

Do not set this value unless specifically requested to do so by Red Hat support.

If this attribute is not defined or is set to a value of 0, transaction batching will be turned off, and it will be impossible to make remote modifications to this attribute via LDAP. However, setting this attribute to a value greater than 0 causes the server to delay committing transactions until the number of queued transactions is equal to the attribute value. A value greater than 0 also allows modifications to this attribute remotely via LDAP. A value of 1 for this attribute allows modifications to the attribute setting remotely via LDAP, but results in no batching behavior. A value of 1 at server startup is therefore useful for maintaining normal durability while also allowing transaction batching to be turned on and off remotely when desired. Remember that the value for this attribute may require modifying the nsslapd-db-logbuf-size attribute to ensure sufficient log buffer size for accommodating the batched transactions.

NOTE

The nsslapd-db-transaction-batch-val attribute is only valid if the nsslapd-db-durable-transactions attribute is set to on.

For more information on database transaction logging, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to 30
Default Value 0 (or turned off)
Syntax Integer
Example nsslapd-db-transaction-batch-val: 5

3.4.1.18. nsslapd-db-trickle-percentage

This attribute ensures that at least the specified percentage of pages in the shared-memory pool are clean, by writing dirty pages to their backing files. This ensures that a page is always available for reading in new information without having to wait for a write.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 0 to 100
Default Value 40
Syntax Integer
Example nsslapd-db-trickle-percentage: 40

3.4.1.19. nsslapd-db-verbose

This attribute specifies whether to record additional informational and debugging messages when searching the log for checkpoints, doing deadlock detection, and performing recovery. This parameter is meant for troubleshooting, and enabling the parameter may slow down the Directory Server.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example nsslapd-db-verbose: off

3.4.1.20. nsslapd-dbncache

This attribute can split the LDBM cache into equally sized separate pieces of memory. It is possible to specify caches that are large enough so that they cannot be allocated contiguously on some architectures; for example, some releases of Solaris limit the amount of memory that may be allocated contiguously by a process. If nsslapd-dbncache is 0 or 1, the cache will be allocated contiguously in memory. If it is greater than 1, the cache will be broken up into ncache, equally sized separate pieces of memory.

To configure a dbcache size larger than 4 gigabytes, add the nsslapd-dbncache attribute to cn=config, cn=ldbm database, cn=plugins, cn=config between the nsslapd-dbcachesize and nsslapd-db-logdirectory attribute lines.

Set this value to an integer that is one-quarter (1/4) the amount of memory in gigabytes. For example, for a 12 gigabyte system, set the nsslapd-dbncache value to 3; for an 8 gigabyte system, set it to 2.

This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat technical support or Red Hat professional services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.

The server has to be restarted for changes to this attribute to go into effect.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values 1 to 4
Default Value 1
Syntax Integer
Example nsslapd-dbncache: 1

3.4.1.21. nsslapd-directory

This attribute specifies the absolute path to the database instance. If the database instance is created manually, this attribute must be included; in the Directory Server Console it is set by default (and is modifiable). Once the database instance is created, do not modify this path, as any changes risk preventing the server from accessing data.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid absolute path to the database instance
Default Value
Syntax DirectoryString
Example nsslapd-directory: /var/lib/dirsrv/slapd-instance_name/db

3.4.1.22. nsslapd-import-cachesize

This performance tuning-related attribute determines the size of the database cache used in the bulk import process. Setting this attribute value so that the maximum available system physical memory is used for the database cache during bulk importing optimizes bulk import speed. Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message, with additional error information explaining the problem.

NOTE

A cache is created for each load that occurs. For example, if the user sets the nsslapd-import-cachesize attribute to 1 gigabyte, then 1 gigabyte is used when loading one database, 2 gigabytes is used when loading two databases, and so on. Ensure there is sufficient physical memory to prevent swapping from occurring, as this would result in performance degradation.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range 500 kilobytes to 4 gigabytes for 32-bit platforms and 500 kilobytes to 2^64-1 for 64-bit platforms
Default Value 20 000 000
Syntax Integer
Example nsslapd-import-cachesize: 20 000 000

3.4.1.23. nsslapd-import-cache-autosize

This performance tuning-related attribute automatically sets the size of the import cache (importCache) to be used during the command-line-based import process of LDIF files to the database (the ldif2db operation).

In Directory Server, the import operation can be run as a server task or exclusively on the command-line. In the task mode, the import operation runs as a general Directory Server operation. The nsslapd-import-cache-autosize attribute enables the importCache to be set automatically to a predetermined size when the import operation is run on the command-line. The attribute can also be used by Directory Server during the task mode import for allocating a specified percentage of free memory for importCache.

By default, the nsslapd-import-cache-autosize attribute is enabled and is set to a value of -1. This value autosizes importCache for the ldif2db operation only, automatically allocating fifty percent (50%) of the free physical memory for importCache. The percentage value (50%) is hardcoded and cannot be changed.

Setting the attribute value to 50 (nsslapd-import-cache-autosize: 50) has the same effect on performance during an ldif2db operation. However, such a setting will also have the same effect on performance when the import operation is run as a Directory Server task. The -1 value autosizes importCache only for the ldif2db operation and not for any general Directory Server tasks, including import.

NOTE

The purpose of a -1 setting is to enable the ldif2db operation to benefit from free physical memory but, at the same time, not compete for valuable memory with entryCache, which is used for general operations of the Directory Server.

Setting the nsslapd-import-cache-autosize attribute value to 0 turns off the importCache autosizing feature; that is, no autosizing occurs during either mode of the import operation. Instead, Directory Server uses the nsslapd-import-cachesize attribute (Section 3.4.1.22) for the import cache size, with a default of 20,000,000.

There are three caches in the context of Directory Server: dbCache, entryCache, and importCache. importCache is only used during the import operation. The nsslapd-cache-autosize attribute, which is used for autosizing entryCache and dbCache, is used during the Directory Server operations only and not during the ldif2db command-line operation; the attribute value is the percentage of free physical memory to be allocated for entryCache and dbCache.

If both the autosizing attributes, nsslapd-cache-autosize and nsslapd-import-cache-autosize, are enabled, ensure that their sum is less than 100.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Range -1, 0 (turns import cache autosizing off) to 100
Default Value -1 (turns import cache autosizing on for ldif2db only and allocates 50% of the free physical memory to importCache)
Syntax Integer
Example nsslapd-import-cache-autosize: -1

3.4.1.24. nsslapd-mode

This attribute specifies the permissions used for newly created index files.

Parameter Description
Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any four-digit octal number. However, mode 0600 is recommended. This allows read and write access for the owner of the index files (which is the user as whom the ns-slapd runs) and no access for other users.
Default Value 600
Syntax Integer
Example nsslapd-mode: 0600
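
As an added example (not part of the original documentation or of the Directory Server code), the following Python audits the cn=config, cn=ldbm database, cn=plugins, cn=config entry of a dse.ldif file against the ranges and attribute dependencies described in this section. The sample LDIF, the function names, and the choice of which settings to report are assumptions made for the illustration.

```python
import base64
import re

# Constructed sample dse.ldif fragment (not taken from a real server).
SAMPLE_DSE = """\
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
cn: config
nsLookthroughLimit: -1
nsslapd-cache-autosize: 60
nsslapd-import-cache-autosize: 50
nsslapd-db-checkpoint-interval: 600
nsslapd-db-durable-transactions: off
nsslapd-db-transaction-batch-val: 5
nsslapd-mode: 0644

dn: cn=monitor,cn=ldbm database,cn=plugins,cn=config
cn: monitor
"""

TARGET_DN = "cn=config,cn=ldbm database,cn=plugins,cn=config"

# Valid ranges copied from the parameter tables in section 3.4.1.
# nsslapd-cache-autosize is omitted: its table lists 0 to 100 but a default of -1.
INT_RANGES = {
    "nslookthroughlimit": (-1, 2**31 - 1),
    "nsslapd-idlistscanlimit": (100, 2**31 - 1),
    "nsslapd-cache-autosize-split": (0, 99),
    "nsslapd-db-checkpoint-interval": (10, 300),
    "nsslapd-db-idl-divisor": (0, 8),
    "nsslapd-db-transaction-batch-val": (0, 30),
    "nsslapd-db-trickle-percentage": (0, 100),
    "nsslapd-import-cache-autosize": (-1, 100),
}


def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        # A line starting with one space continues the previous line.
        for line in re.sub(r"\n ", "", block).splitlines():
            m = re.match(r"([^:#][^:]*):(:?)\s*(.*)$", line)
            if not m:
                continue  # comment or malformed line
            value = m.group(3).strip()
            if m.group(2):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(m.group(1).strip().lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries


def _int(entry, name, base=10):
    """First value of `name` as an int, or None if absent or not a number."""
    try:
        return int(entry[name][0], base)
    except (KeyError, ValueError):
        return None


def audit_ldbm_config(ldif_text):
    """Return (attribute, message) findings for the global ldbm config entry."""
    norm = lambda dn: re.sub(r"\s*,\s*", ",", dn.strip()).lower()
    entry = next((e for e in parse_ldif(ldif_text)
                  if norm(e["dn"][0]) == TARGET_DN), None)
    if entry is None:
        return [("dn", "entry not found: " + TARGET_DN)]
    findings = []
    add = lambda attr, msg: findings.append((attr, msg))

    for name, (low, high) in INT_RANGES.items():
        value = _int(entry, name)
        if name in entry and (value is None or not low <= value <= high):
            add(name, "%r is outside the documented range %d to %d"
                % (entry[name][0], low, high))
    if _int(entry, "nslookthroughlimit") == -1:
        add("nslookthroughlimit", "-1 makes the default look-through limit unlimited")

    # Without durable transactions a change may never reach the disk, and the
    # batching and log-buffer attributes are documented as valid only when on.
    if entry.get("nsslapd-db-durable-transactions", ["on"])[0].lower() == "off":
        add("nsslapd-db-durable-transactions",
            "off: unflushed changes are not recoverable after a system failure")
        for dep in ("nsslapd-db-transaction-batch-val", "nsslapd-db-logbuf-size"):
            if dep in entry:
                add(dep, "only valid when nsslapd-db-durable-transactions is on")
    # 0 and 1 mean no batching; larger values queue commits in memory.
    if (_int(entry, "nsslapd-db-transaction-batch-val") or 0) > 1:
        add("nsslapd-db-transaction-batch-val",
            "batched transactions are lost if power fails before the flush")

    # Both percentages are taken from free memory (assumption: only positive
    # values count as "enabled" for the sum rule; -1 applies to ldif2db alone).
    auto = _int(entry, "nsslapd-cache-autosize") or 0
    imp = _int(entry, "nsslapd-import-cache-autosize") or 0
    if auto > 0 and imp > 0 and auto + imp >= 100:
        add("nsslapd-import-cache-autosize",
            "sum with nsslapd-cache-autosize is %d; keep it below 100" % (auto + imp))

    # Any group/other permission bit on new index files exceeds the 0600 advice.
    mode = _int(entry, "nsslapd-mode", 8)
    if "nsslapd-mode" in entry and (mode is None or mode & 0o077):
        add("nsslapd-mode", "index files readable beyond the owner (or value "
            "is not octal); 0600 is recommended")
    return findings
```

Calling audit_ldbm_config(SAMPLE_DSE) returns one (attribute, message) pair per problem; an entry that stays within the documented values returns an empty list.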

3.4.2. Database Attributes under cn=monitor, cn=ldbm database, cn=plugins, cn=config

Global read-only attributes containing database statistics for monitoring activity on the databases are stored in the cn=monitor, cn=ldbm database, cn=plugins, cn=config tree node. For more information on these entries, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

dbcachehits

This attribute shows the requested pages found in the database.

dbcachetries

This attribute shows the total cache lookups.

dbcachehitratio

This attribute shows the percentage of requested pages found in the database cache (hits/tries).

dbcachepagein

This attribute shows the pages read into the database cache.

dbcachepageout

This attribute shows the pages written from the database cache to the backing file.

dbcacheroevict

This attribute shows the clean pages forced from the cache.

dbcacherwevict

This attribute shows the dirty pages forced from the cache.

3.4.3. Database Attributes under cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=UserRoot, cn=ldbm database, cn=plugins, cn=config

The cn=NetscapeRoot and cn=UserRoot subtrees contain configuration data for, or the definition of, the databases containing the o=NetscapeRoot and o=UserRoot suffixes, respectively. The cn=NetscapeRoot subtree contains the configuration data used by the Administration Server for authentication and all actions that cannot be performed through LDAP (such as start/stop), and the cn=UserRoot subtree contains all the configuration data for the user-defined database.

The cn=UserRoot subtree is called userRoot by default. However, this is not hard-coded and, given the fact that there are going to be multiple database instances, this name is changed and defined by the user as and when new databases are added. The following attributes are common to both the cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=userRoot, cn=ldbm database, cn=plugins, cn=config subtrees.

3.4.3.1. nsslapd-cachesize

This performance tuning-related attribute specifies the cache size in terms of the entries it can hold. However, it is simpler to limit by memory size only (as in Section 3.4.3.2, “nsslapd-cachememsize”). Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message with additional error information explaining the problem.

The server has to be restarted for changes to this attribute to go into effect.

Parameter Description
Entry DN cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config or cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
Valid Range 1 to 2,147,483,647 (or -1, which means limitless) entries
Default Value -1
Syntax Integer
Example nsslapd-cachesize: -1

3.4.3.2. nsslapd-cachememsize

This performance tuning-related attribute specifies the cache size in terms of available memory space. The simplest method is limiting cache size in terms of memory occupied. Activating automatic cache resizing overrides this attribute, replacing these values with its own guessed values at a later stage of the server startup. Attempting to set a value that is not a number or is too big for a 32-bit signed integer returns an LDAP_UNWILLING_TO_PERFORM error message with additional error information explaining the problem.

Parameter Description
Entry DN cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config or cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
Valid Range 500 kilobytes to 4 gigabytes for 32-bit platforms and 500 kilobytes to 2^64-1 for 64-bit platforms
Default Value 10,485,760 (10 megabytes)
Syntax Integer
Example nsslapd-cachememsize: 10485760

3.4.3.3. nsslapd-directory

This attribute specifies the path to the database instance. If it is a relative path, it starts from the path specified by nsslapd-directory in the global database entry cn=config, cn=ldbm database, cn=plugins, cn=config. The database instance directory is named after the instance name and located in the global database directory, by default. After the database instance has been created, do not modify this path, because any changes risk preventing the server from accessing data.

Parameter Description
Entry DN cn=instance name, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid path to the database instance
Default Value
Syntax DirectoryString
Example nsslapd-directory: /var/lib/dirsrv/slapd-instance_name/db/userRoot

3.4.3.4. nsslapd-readonly

This attribute specifies read-only mode for a single back-end instance. If this attribute has a value of off, then users have all read, write, and execute permissions allowed by their access permissions.

Parameter Description
Entry DN cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config or cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example nsslapd-readonly: off

3.4.3.5. nsslapd-require-index

When switched to on, this attribute makes the server refuse unindexed searches. This performance-related attribute avoids saturating the server with erroneous searches.

Parameter Description
Entry DN cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config or cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example nsslapd-require-index: off

3.4.3.6. nsslapd-suffix

This attribute specifies the suffix of the database link. It is single-valued because each database instance can have only one suffix. Previously, it was possible to have more than one suffix on a single database instance, but this is no longer the case. Any changes made to this attribute after the entry has been created take effect only after the server containing the database link is restarted.

Parameter Description
Entry DN cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config or cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid DN
Default Value
Syntax DirectoryString
Example nsslapd-suffix: o=NetscapeRoot

3.4.4. Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config

The attributes in this tree node entry are all read-only database performance counters. All of the values for these attributes are 32-bit integers.

nsslapd-db-abort-rate

This attribute shows the number of transactions that have been aborted.

nsslapd-db-active-txns

This attribute shows the number of transactions that are currently active.

nsslapd-db-cache-hit

This attribute shows the requested pages found in the cache.

nsslapd-db-cache-try

This attribute shows the total cache lookups.

nsslapd-db-cache-region-wait-rate

This attribute shows the number of times that a thread of control was forced to wait before obtaining the region lock.

nsslapd-db-cache-size-bytes

This attribute shows the total cache size in bytes.

nsslapd-db-clean-pages

This attribute shows the clean pages currently in the cache.

nsslapd-db-commit-rate

This attribute shows the number of transactions that have been committed.

nsslapd-db-deadlock-rate

This attribute shows the number of deadlocks detected.

nsslapd-db-dirty-pages

This attribute shows the dirty pages currently in the cache.

nsslapd-db-hash-buckets

This attribute shows the number of hash buckets in the buffer hash table.

nsslapd-db-hash-elements-examine-rate

This attribute shows the total number of hash elements traversed during hash table lookups.

nsslapd-db-hash-search-rate

This attribute shows the total number of buffer hash table lookups.

nsslapd-db-lock-conflicts

This attribute shows the total number of locks not immediately available due to conflicts.

nsslapd-db-lock-region-wait-rate

This attribute shows the number of times that a thread of control was forced to wait before obtaining the region lock.

nsslapd-db-lock-request-rate

This attribute shows the total number of locks requested.

nsslapd-db-lockers

This attribute shows the number of current lockers.

nsslapd-db-log-bytes-since-checkpoint

This attribute shows the number of bytes written to this log since the last checkpoint.

nsslapd-db-log-region-wait-rate

This attribute shows the number of times that a thread of control was forced to wait before obtaining the region lock.

nsslapd-db-log-write-rate

This attribute shows the number of megabytes and bytes written to this log.

nsslapd-db-longest-chain-length

This attribute shows the longest chain ever encountered in buffer hash table lookups.

nsslapd-db-page-create-rate

This attribute shows the pages created in the cache.

nsslapd-db-page-read-rate

This attribute shows the pages read into the cache.

nsslapd-db-page-ro-evict-rate

This attribute shows the clean pages forced from the cache.

nsslapd-db-page-rw-evict-rate

This attribute shows the dirty pages forced from the cache.

nsslapd-db-page-trickle-rate

This attribute shows the dirty pages written using the memp_trickle interface.

nsslapd-db-page-write-rate

This attribute shows the pages read into the cache.

nsslapd-db-pages-in-use

This attribute shows all pages, clean or dirty, currently in use.

nsslapd-db-txn-region-wait-rate

This attribute shows the number of times that a thread of control was forced to wait before obtaining the region lock.

3.4.5. Database Attributes under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config

The set of default indexes is stored here. Default indexes are configured per backend in order to optimize Directory Server functionality for the majority of setup scenarios. All indexes, except system-essential ones, can be removed, but care should be taken so as not to cause unnecessary disruptions. For further information on indexes, refer to the "Managing Indexes" chapter in the Directory Server Administration Guide.

3.4.5.1. nsSystemIndex

This mandatory attribute specifies whether the index is a system index, an index which is vital for Directory Server operations. If this attribute has a value of true, then it is system-essential. System indexes should not be removed, as this will seriously disrupt server functionality.

Parameter Description
Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values true | false
Default Value
Syntax DirectoryString
Example nssystemindex: true

3.4.5.2. nsIndexType

This optional, multi-valued attribute specifies the type of index for Directory Server operations and takes the values of the attributes to be indexed. Each desired index type has to be entered on a separate line.

Parameter Description
Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values
  • pres = presence index

  • eq = equality index

  • approx = approximate index

  • sub = substring index

  • matching rule = international index

  • index browse = browsing index

Default Value
Syntax DirectoryString
Example nsindextype: eq

3.4.5.3. nsMatchingRule

This optional, multi-valued attribute specifies the ordering matching rule name or OID used to match values and to generate index keys for the attribute. This is most commonly used to ensure that equality and range searches work correctly for languages other than English (7-bit ASCII).

This is also used to allow range searches to work correctly for integer syntax attributes that do not specify an ordering matching rule in their schema definition. uidNumber and gidNumber are two commonly used attributes that fall into this category.

For example, for a uidNumber that uses integer syntax, the rule attribute could be nsMatchingRule: integerOrderingMatch.

NOTE

Any change to this attribute will not take effect until the change is saved and the index is rebuilt using db2index, which is described in more detail in the "Managing Indexes" chapter of the Directory Server Administration Guide.

Parameter Description
Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid collation order object identifier (OID)
Default Value None
Syntax DirectoryString
Example nsMatchingRule: 2.16.840.1.113730.3.3.2.3.1 (For Bulgarian)

3.4.5.4. cn

This attribute provides the name of the attribute to index.

Parameter Description
Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values Any valid index cn
Default Value None
Syntax DirectoryString
Example cn: aci

3.4.5.5. description

This optional attribute provides a free-text description of what the index does.

Parameter Description
Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config
Valid Values
Default Value None
Syntax DirectoryString
Example description:substring index

3.4.6. Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config

This section covers global, read-only entries for monitoring activity on the NetscapeRoot database. The attributes containing database statistics are given for each file that makes up the database. For further information, see the "Monitoring Server and Database Activity" chapter in the Directory Server Administration Guide.

dbfilenamenumber

This attribute gives the name of the file and provides a sequential integer identifier (starting at 0) for the file. All associated statistics for the file are given this same numerical identifier.

dbfilecachehit

This attribute gives the number of times that a search requiring data from this file was performed and that the data were successfully obtained from the cache.

dbfilecachemiss

This attribute gives the number of times that a search requiring data from this file was performed and that the data could not be obtained from the cache.

dbfilepagein

This attribute gives the number of pages brought to the cache from this file.

dbfilepageout

This attribute gives the number of pages for this file written from cache to disk.

3.4.7. Database Attributes under cn=index, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=config

In addition to the set of default indexes that are stored under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config, custom indexes can be created for o=NetscapeRoot, o=UserRoot, and user-defined backend instances; these are stored under cn=index,cn=database_name,cn=ldbm database, cn=plugins, cn=config. Each indexed attribute represents a subentry under the cn=config information tree nodes, as shown in the following diagram:

Figure 3.2. Indexed Attribute Representing a Subentry

For example, the index file for the aci attribute under o=UserRoot appears in the Directory Server as follows:

dn:cn=aci, cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass:top
objectclass:nsIndex
cn:aci
nssystemindex:true
nsindextype:pres

For details regarding the five possible indexing attributes, see Section 3.4.5, “Database Attributes under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config”. For further information about indexes, refer to the "Managing Indexes" chapter in the Directory Server Administration Guide.

3.4.8. Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config

The nsAttributeEncryption object class allows selective encryption of attributes within a database. Extremely sensitive information such as credit card numbers and government identification numbers may not be sufficiently protected by routine access control measures. Normally, these attribute values are stored in cleartext within the database; encrypting them while they are stored adds another layer of protection. This object class has one attribute, nsEncryptionAlgorithm, which sets the encryption cipher used per attribute. Each encrypted attribute represents a subentry under the above cn=config information tree nodes, as shown in the following diagram:

Figure 3.3. Encrypted Attributes under the cn=config Node

For example, the database encryption file for the userPassword attribute under o=UserRoot appears in the Directory Server as follows:

dn:cn=userPassword, cn=encrypted attributes,o=UserRoot, cn=ldbm database, cn=plugins, cn=config
objectclass:top
objectclass:nsAttributeEncryption
cn:userPassword
nsEncryptionAlgorithm:AES

To configure database encryption, see the "Database Encryption" section of the "Configuring Directory Databases" chapter in the Directory Server Administration Guide. For more information about indexes, refer to the "Managing Indexes" chapter in the Directory Server Administration Guide.

3.4.8.1. nsEncryptionAlgorithm

nsEncryptionAlgorithm selects the cipher used by nsAttributeEncryption. The algorithm can be set per encrypted attribute.

Parameter Description
Entry DN cn=attributeName, cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config
Valid Values The following are supported ciphers:
  • Advanced Encryption Standard Block Cipher (AES)

  • Triple Data Encryption Standard Block Cipher (3DES)

Default Value
Syntax DirectoryString
Example nsEncryptionAlgorithm: AES
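
A configuration check covering nsslapd-require-index (Section 3.4.3.5) and the encrypted-attribute entries described in this section, as an added example that is not part of the original documentation: it parses an LDIF export of the backend configuration, including folded DN lines, and reports backends that accept unindexed searches, attributes encrypted with a cipher other than AES, and backends with no encryption entry for userPassword. The sample LDIF is constructed, and the policy (AES only, require-index on, userPassword as the sensitive attribute) and the function names are assumptions of the example.

```python
# Added example; SAMPLE_LDIF is constructed and the audit policy is an assumption.
SAMPLE_LDIF = """\
dn: cn=UserRoot, cn=ldbm database, cn=plugins, cn=config
nsslapd-suffix: dc=example,dc=com
nsslapd-require-index: off

dn: cn=userPassword, cn=encrypted attributes, cn=UserRoot, cn=ldbm database,
 cn=plugins, cn=config
objectclass: nsAttributeEncryption
nsEncryptionAlgorithm: 3DES

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
nsslapd-suffix: o=NetscapeRoot
nsslapd-require-index: on
"""

def parse_ldif(text):
    """Return entries as dicts mapping lowercase attribute name to a value list."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries, sensitive=frozenset({"userpassword"})):
    """Report non-AES ciphers, require-index off, and unencrypted sensitive attributes.
    DNs are split on commas into lowercase RDN values; escaped commas are not handled."""
    findings, encrypted, backends = [], {}, []
    for e in entries:
        rdn = [p.split("=", 1)[-1].strip().lower() for p in e["dn"][0].split(",")]
        if rdn[1:2] == ["encrypted attributes"] and len(rdn) > 2:
            algo = e.get("nsencryptionalgorithm", ["none"])[0].upper()
            encrypted.setdefault(rdn[2], set()).add(rdn[0])
            if algo != "AES":
                findings.append(f"{rdn[2]}: {rdn[0]} uses {algo}, expected AES")
        elif rdn[1:2] == ["ldbm database"] and "nsslapd-suffix" in e:
            backends.append(rdn[0])  # backend instances carry nsslapd-suffix
            if e.get("nsslapd-require-index", ["off"])[0].lower() != "on":
                findings.append(f"{rdn[0]}: nsslapd-require-index is off")
    missing = [(b, a) for b in backends for a in sorted(sensitive - encrypted.get(b, set()))]
    return findings + [f"{b}: {a} has no encrypted-attributes entry" for b, a in missing]

if __name__ == "__main__":
    print("\n".join(audit(parse_ldif(SAMPLE_LDIF))))
```

Backend and attribute names in the findings are lowercased because DN comparison is done case-insensitively.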

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.