Configuring LDAP connection pooling
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
JIRA is using too many or too few LDAP connections and you need to adjust the connection pool.
Diagnosis
You would normally use a third-party monitoring tool to determine how your connection pool is being used over time.
You can inspect JIRA's current settings at: <BASE URL>/plugins/servlet/embedded-crowd/configure/connection-pool/
The timeout is not accurately reflected on this page. The page offers options to configure the timeout, but they do not take effect. Other settings are saved correctly.
Cause
The only time we have seen a need to adjust this pool is when scripts are authenticating against JIRA and not using cookies.
Workaround
You can configure the LDAP connection pool with Java system properties set in the setenv.sh or setenv.bat file. From http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html:
Here is an example of a command line that sets the maximum pool size to 20, the preferred pool size to 10, and the idle timeout to 5 minutes for pooled connections.
-Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=300000
Please see the above link for exhaustive documentation on this functionality.
Check out Setting properties and options on startup for more information on setting Java properties.
Pool properties
Setting | System property | Description | Default value |
---|---|---|---|
Initial pool size | com.sun.jndi.ldap.connect.pool.initsize | The number of LDAP connections created when initially connecting to the pool. | 1 |
Preferred pool size | com.sun.jndi.ldap.connect.pool.prefsize | The optimal pool size. LDAP will remove idle connections when the number of connections grows larger than this value. A value of 0 (zero) means that there is no preferred size, so the number of idle connections is unlimited. | 10 |
Maximum pool size | com.sun.jndi.ldap.connect.pool.maxsize | The max number of connections. When the number of connections reaches this value, LDAP will refuse further connections. As a result, requests made by an application to the LDAP server will be blocked. A value of 0 (zero) means that the number of connections is unlimited. | 0 |
Pool timeout | com.sun.jndi.ldap.connect.pool.timeout | The length of time, in milliseconds, that a connection may remain idle before being removed from the pool. When the application is finished with a pooled connection, the connection is marked as idle, waiting to be reused. A value of 0 (zero) means that the idle time is unlimited, so connections will never be timed out. | 30000 |
Pool protocol | com.sun.jndi.ldap.connect.pool.protocol | Only these protocol types are allowed to connect to LDAP. If you want to allow multiple protocols, enter the values separated by a space. Valid values are: | |
Pool authentication | com.sun.jndi.ldap.connect.pool.authentication | Only these authentication types are allowed to connect to LDAP. If you want to allow multiple authentication types, enter the values separated by a space. See RFC 2829 for details of LDAP authentication methods. Valid values are: | |
Notes:
- The connection pool settings are system wide and will be used to create a new connection pool for every configured LDAP directory server.
- You must restart your application server for these settings to take effect.
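
The following shell script is an added example, not Atlassian's or Oracle's code. It reads the pool flags out of a JVM argument string such as the one placed in setenv.sh, applies the defaults from the table above, and flags combinations worth reviewing before a restart. The function names and the lint rules are this example's own, and it assumes that the last occurrence of a repeated flag wins.

```shell
#!/bin/sh
# Added example (not Atlassian's code): lint JNDI LDAP pool flags in a JVM argument string.
PREFIX='com.sun.jndi.ldap.connect.pool'

# pool_prop ARGS NAME DEFAULT: print the value of -D$PREFIX.NAME, or DEFAULT if unset.
# Assumption: when a flag is repeated, the last occurrence wins.
pool_prop() (
    set -f                      # no globbing while word-splitting ARGS
    val=$3
    for tok in $1; do
        case $tok in "-D$PREFIX.$2="*) val=${tok#*=} ;; esac
    done
    printf '%s\n' "$val"
)

# check_pool ARGS: print one WARN line per finding; exit status 0 only if there are none.
# Defaults are the ones in the table on this page; the rules are this example's own.
check_pool() (
    init=$(pool_prop "$1" initsize 1)
    pref=$(pool_prop "$1" prefsize 10)
    max=$(pool_prop "$1" maxsize 0)
    idle=$(pool_prop "$1" timeout 30000)
    for v in "$init" "$pref" "$max" "$idle"; do
        case $v in ''|*[!0-9]*) echo "WARN not a non-negative integer: '$v'"; exit 2 ;; esac
    done
    n=0
    warn() { echo "WARN $1"; n=$((n + 1)); }
    if [ "$max" -eq 0 ]; then
        warn "maxsize=0: connections are unlimited; script logins without cookies can drive the count up"
    else
        if [ "$pref" -gt "$max" ]; then warn "prefsize=$pref exceeds maxsize=$max"; fi
        if [ "$init" -gt "$max" ]; then warn "initsize=$init exceeds maxsize=$max"; fi
    fi
    if [ "$idle" -eq 0 ]; then warn "timeout=0: idle connections are never removed"; fi
    [ "$n" -eq 0 ]
)

# The command line quoted on this page, and a constructed misconfiguration.
GOOD="-D$PREFIX.maxsize=20 -D$PREFIX.prefsize=10 -D$PREFIX.timeout=300000"
BAD="-Xmx2g -D$PREFIX.maxsize=5 -D$PREFIX.timeout=0"   # constructed sample

check_pool "$GOOD" && echo "OK: page example passes"
check_pool "$BAD" || echo "constructed sample flagged"
```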