When a mobile device connects to the IBM Notes Traveler server, the request must first be authenticated. This action is performed by the IBM Domino HTTP server. The HTTP server will attempt to validate these credentials or any session token information and will read user information such as group membership from the Domino Directory or LDAP servers that have been configured for this purpose. Often, this is using Domino Directory Assistance configuration information. Before the HTTP server makes the request to the LDAP or Domino directory, it will check to see if the user cache already contains the results from a previous authentication attempt. If so, then the request retrieves the user information from the cache instead of asking the directory.
It is common to use remote LDAP servers or remote Domino Directories with IBM Notes Traveler. Instead of having to replicate all of this information locally on every IBM Notes Traveler server, it is more convenient to have this service performed by a central hub. However, mobile devices can make a large number of requests against an IBM Notes Traveler server during push or sync operations. If your IBM Domino HTTP server user cache is not sufficiently large enough, then this can result in increased load against your LDAP or directory servers. Also, if this request fails for any reason (network request time-out, temporary network loss, directory server is temporarily unavailable), then the failure is returned to the mobile device. Most often this results in the device now believing that the user credentials are incorrect. Depending on the device client in use, the end user may see a pop-up asking for a new password or synchronization stops until a new password is provided by the mobile user.
The solution here is to make sure that your IBM Domino HTTP server user cache is sized sufficiently large enough for your mobile population and that the expiration interval on the cache objects is long enough to be effective.
Configuring the HTTP User Cache
To configure the IBM Domino HTTP server user cache, use the Domino Administrator client and open the server document used by your IBM Notes Traveler server. Find the Internet Protocols
tab and then the Domino Web Engine
sub tab. Locate a section on this document called Memory Caches
, which contains the following fields:
Maximum Cached Designs
- This field is not significant to IBM Notes Traveler. Recommend leaving this setting as whatever value was previously set.
Maximum Cached Users
- The default setting is 64 which is typically too small for an IBM Notes Traveler installation. Set this to the number of users that are expected to use this IBM Notes Traveler server.
Cached User Expiration Interval
- The default setting is 120 seconds which is generally too short for an IBM Notes Traveler installation. Recommend increasing this value to 43200 seconds (12 hours). Note that group memberships for a user are also saved in the user cache. The disadvantage of setting this interval too long is that if a user is moved out of a group that can access the IBM Notes Traveler server, then this membership change will not be recognized at the Notes Traveler server until the user cache record expires. Depending on your security requirements, you may want to adjust this value lower.
Monitoring the user cache using Domino statistics
The HTTP user cache can be monitored using IBM Domino server statistics. To display the user cache stats, run the following command on the Domino server console:
show stat domino.cache.user*
This command will return data similar to the following:
Domino.Cache.User Cache.Count = 687
Domino.Cache.User Cache.DisplaceRate = 0
Domino.Cache.User Cache.HitRate = 99.3575742001799
Domino.Cache.User Cache.MaxSize = 1000
It is possible that the Domino.Cache.User Cache.Count could temporarily grow larger than the Domino.Cache.User Cache.MaxSize, but this is a sign that the cache is sized too small. In general, you want Domino.Cache.User Cache.HitRate to be 90% or higher.
- IBM Notes Traveler product documentation
- Tuning active HTTP threads for IBM Notes Traveler
which focuses on having enough connection threads to manage incoming device requests.