Enrollment issues with LDAP and the JSS

cosmosb
New Contributor III

Stellar beings,

I am writing you because we recently did a mass enrollment with LDAP users enrolling via the JSS enroll url, and it was failing.

Tomcat settings were adjusted to allow for as many as 150 simultaneous enrollments (18G RAM dedicated to Java and 750 threads for the app) prior to this enrollment. MySQL was also previously adjusted to match this. Tomcat and MySQL were keeping up, that is, we could still log into the JSS with local accounts during the enrollment failures, but our LDAP connection was breaking.

The only way to restore LDAP connectivity was to stop Tomcat, wait several seconds and then start it. At times, on our LDAP server we were seeing 100+ binds per second and it's possible that it was running out of threads. The JSS was not gracefully restarting its LDAP connection after losing it.

We were unable to do more than 10 enrollments at a time and so most of our user base, just over 600 users, were unable to enroll via the JSS url during our orientation sessions.

This is a major issue during our orientation days as LDAP is the means by which we associate users with computers and how we grant users access to self service. This is even more paramount as we are starting class on Wednesday.

Have you seen any issues with enrollment and LDAP? Does anyone know if the JSS caches LDAP queries?

We were told that the biggest concern would be allocating enough resources to Tomcat. When I asked about LDAP in previous discussions we were always told that LDAP would not be an issue with regard to enrollment and user authentication on the JSS.

At this point we're scrambling to set up an Apache reverse proxy in front of Tomcat on the JSS in an attempt to queue incoming connections.

Any insight would be appreciated.

gratitude,
cosmos
