IBM Tivoli Identity Manager application, Recycle bin

3 IBM Tivoli Identity Manager application

The IBM Tivoli Identity Manager application includes several configuration files that provide an area for tuning various parts of the application’s performance. These are in the data/ directory under the IBM Tivoli Identity Manager product home directory.

3.1Recycle bin

When objects such as people, accounts, roles, and provisioning policies are deleted from the IBM Tivoli Identity Manager system using either the graphical user interface (GUI) or the application program interface (API), these objects are not removed from the underlying directory server but rather moved into the recycle bin. The recycle bin is implemented as the following LDAP container:

ou=recycleBin, ou=itim, ou=<tenant>, <suffix>

When LDAP entries are moved under this DN due to a deletion, the attribute erIsDeleted is set to the value Y to enable IBM Tivoli Identity Manager to identify these objects as entries it should neither display to the user nor act upon. Because of the LDAP search filter that IBM Tivoli Identity Manager uses, having a large number of entries in the recycle bin can negatively impact performance. It is recommended that the size of the recycle bin be kept as small as possible for optimum performance.

There are several ways to remove entries from the recycle bin. IBM Tivoli Identity Manager includes a script that will delete entries in the recycle bin older than a specified age range. See the discussion of the recycle bin age limit in IBM Tivoli Identity Manager Server Installation and Configuration Guide for WebSphere Environments for more information.

An alternate method is to use an LDAP display tool to view the entries and delete them directly in the directory server. Be careful to only delete the deleted entries themselves and not the ou=recycleBin container. Similarly, it is possible to use a combination of the ldapsearch and ldapdelete commands to delete entries. For example:

ldapsearch -h <host> -p <port> -D <user> -w <password> \

-b "ou=recycleBin,ou=itim,ou=<tenant>,<suffix>" -s sub "erisdeleted=Y" dn \ ldapdelete -h <host> -p <port> -D <user> -w <password>

After deleting entries from the recycle bin, run runstats to make IBM DB2 pick up the changes. See the IBM LDAP Server – Runstats section for more information.

3.2Reconciliations

Reconciliations are resource-intensive operations and can take a while for services with a large account population. Limiting the number of attributes returned by the adapter and processed by IBM Tivoli Identity Manager can improve reconciliation performance. Large reconciliations may also exceed the default Max Duration and if so the value can be increased.

3.2.1 Threads

When processing DSML feeds, IBM Tivoli Identity Manager creates threads to process the data. The number of threads may need to be adjusted to optimize performance because of the widely varying workload that differently defined reconciliation jobs exhibit.

Determining the values

num_recon_threads – The number of threads used when processing DSML feeds. Recommended value: 2 for DSML feeds with workflow, 3 for DSML feeds without workflow.

Page 8

IBM Tivoli Identity Manager Performance Tuning Guide

4.6 specifications

IBM 4.6, known for its robust and versatile capabilities, represents a significant evolution in the realm of enterprise software solutions. This version is primarily associated with IBM's middleware offerings, notably IBM WebSphere Application Server. It is engineered to support the development, deployment, and management of web applications with a focus on scalability, reliability, and security.

One of the standout features of IBM 4.6 is its enhanced performance optimizations. The platform employs advanced caching strategies and efficient resource management to improve application response times and throughput. This means that businesses can handle heavier loads with fewer resources, making it an economical choice for enterprises of all sizes.

Another notable characteristic is its support for a wide range of programming models and standards, including Java EE. This allows developers to build applications using familiar tools and frameworks, accelerating development timelines and improving productivity. Additionally, IBM 4.6 offers robust integration capabilities with existing enterprise systems through its support for web services and messaging protocols.

IBM 4.6 also emphasizes security. It includes features such as role-based access control, data encryption, and comprehensive auditing capabilities. These measures help organizations safeguard sensitive information and comply with various regulatory requirements.

The compatibility with multiple platforms, including cloud environments, is another significant advantage. IBM 4.6 simplifies deployment across diverse infrastructures, enabling businesses to operate in hybrid environments seamlessly. This flexibility is particularly beneficial as organizations increasingly adopt cloud migration strategies.

Furthermore, IBM 4.6 is equipped with a range of monitoring and management tools. These tools provide insights into application performance and health, allowing IT teams to proactively identify and address potential issues before they impact users. This capability is critical in maintaining high availability and reliability of services.

In summary, IBM 4.6 stands out as a comprehensive solution for enterprise application development and management. Its key features, such as enhanced performance, support for industry standards, strong security measures, platform compatibility, and monitoring tools, make it a compelling choice for organizations seeking to modernize their IT infrastructure. Implementing IBM 4.6 can empower businesses to innovate faster while ensuring their applications remain secure and efficient in a rapidly evolving digital landscape.