Tuning the Sametime LDAP bind operation

The LDAP protocol supports several types of bind operation. The most common are the anonymous bind and the simple bind, which is also known as an authenticated bind.

About this task

An anonymous bind is the easiest way to establish a connection with the LDAP server. However, the anonymous client will have limited access to the directory when compared to authenticated clients. Using a simple bind, a client can be authenticated on the LDAP server by providing its DN and password in plain text. The server verifies that such a person exists in the directory and that the supplied password is correct.

The LDAP protocol is asynchronous, so a client can send multiple requests to the LDAP server on the same connection, and does not need to wait for the response of one request before sending the next one. Each request is identified by a request ID, and every response is associated with the original request ID. However, some LDAP servers limit the maximum number of requests that can be pending per single connection.

The following settings are in the [Directory] section of the sametime.ini file:
  • ST_DB_LDAP_PENDING_BIND_MAX=X
  • ST_DB_LDAP_PENDING_BIND_LOW=Y
These settings affect only bind requests, so other requests (mainly search requests) can be sent to LDAP at different rates.
To force the IBM® Sametime® Server to send BIND requests synchronously, use the following settings:
  • ST_DB_LDAP_PENDING_BIND_MAX=1
  • ST_DB_LDAP_PENDING_BIND_LOW=0
These settings ensure that no other requests are sent to LDAP on the same connection until the response to the bind request is received. For more information, see the TechNote "Adding the ability to send bind requests to LDAP synchronously".
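
One way to check a server's sametime.ini for the settings described above, given as an added example rather than IBM's own tooling. The key names and the [Directory] section come from this page; the function name, the mode labels ("synchronous", "throttled", "incomplete", "unset") and the sample file contents are constructed for illustration.

```python
# Added example: audit the pending-bind keys in the text of a sametime.ini file.
# Key names and the [Directory] section are from the page; everything else
# (function name, mode labels, sample contents) is constructed for illustration.
KEYS = ("ST_DB_LDAP_PENDING_BIND_MAX", "ST_DB_LDAP_PENDING_BIND_LOW")


def audit_bind_settings(ini_text):
    """Return (mode, values, warnings) for the pending-bind settings."""
    section, values, warnings = None, {}, []
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()  # section names are matched exactly
            continue
        key, sep, val = line.partition("=")
        key, val = key.strip(), val.strip()
        if not sep or key not in KEYS:
            continue  # unrelated or malformed line
        if section != "Directory":
            # The page places these keys in [Directory]; report strays.
            where = section or "no section"
            warnings.append(f"line {lineno}: {key} is in [{where}], not [Directory]")
            continue
        if not val.isdigit():
            warnings.append(f"line {lineno}: {key}={val!r} is not a non-negative integer")
            continue
        if key in values:
            warnings.append(f"line {lineno}: duplicate {key}, last value wins here")
        values[key] = int(val)
    if len(values) < len(KEYS):
        mode = "incomplete" if values else "unset"
    elif values == {KEYS[0]: 1, KEYS[1]: 0}:
        mode = "synchronous"  # the page's values for synchronous BIND requests
    else:
        mode = "throttled"    # both keys set, but not to the synchronous values
    return mode, values, warnings


# Constructed sample contents, not taken from a real server.
SAMPLE = """\
[Config]
ST_DB_LDAP_PENDING_BIND_MAX=50
[Directory]
ST_DB_LDAP_PENDING_BIND_MAX=1
ST_DB_LDAP_PENDING_BIND_LOW=0
"""

if __name__ == "__main__":
    print(audit_bind_settings(SAMPLE))
```

The sample deliberately carries a stray copy of one key outside [Directory], which the audit reports as a warning while still classifying the [Directory] values as synchronous.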