This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
geistc
Captain
Captain
‎2019-07-09 16:24
559 views

How to change the IDM LDAP driver timeout settings

My question is this, is there a way to change the timeout(s) used by the LDAP driver to shorten the time it waits for a response from the remote system? Here is a little background on my issue and setup.

I have some IDM LDAP drivers connecting to some Oracle Unified Directory (OUD) instances. Sometimes the OUD instances do not respond to queries for some reason that the OUD admin can not pin down. This causes the driver to stop processing everything on the subscriber channel until a timeout of 15 minutes is reached. At which point it finishes the transaction it was doing and continues on. This causes issues especially if someone changes a password and that transaction gets queued with all the other transactions waiting for the query to time out. I am guessing this is probably a java setting or something that needs to be modified but not sure so looking for some help/input from people far more skilled at the LDAP driver than I am. 🙂

Labels (1)
Labels
Tags (2)
Reply
Report Inappropriate Content
5 Replies
klasen
Micro Focus Expert
Micro Focus Expert
‎2019-07-17 07:46

Hi,

do you have a firewall between LDAP driver shim and OID? I've seen cases where the firewall would just drop TCP sessions that have been idle for a while without sending out a RST to both endpoints.

Norbert

--
Norbert
Reply
Report Inappropriate Content
geistc
Captain
Captain
‎2019-07-17 14:38

Yeah, there is actually firewalls and load balancers as the OUD servers are clustered behind a load balancer. So that is one of the reasons the OUD admin has been having trouble tracking down the source of the issue. I will let him know to include the network team in his troubleshooting to see if they can do some packet captures to see if they can catch it. Just hoping there is something I can do in the meantime to work around the issue until they are able to pinpoint the cause and resolve it.

Thanks

0 Likes
Reply
Report Inappropriate Content
al_b
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-07-18 05:18

Do you use LDAPS connection to your LDAP server?

I believe, that it is related to Subscriber channel "opened" session, "killed" by FW.

 

 

0 Likes
Reply
Report Inappropriate Content
al_b
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-07-18 05:23

My workaround for "similar" situation - scheduled job, that initiate query every 10 minutes (and it "protect" this session from killing by FW, that didn't see traffic and close session without notification according to own timeout settings. 

0 Likes
Reply
Report Inappropriate Content
geistc
Captain
Captain
‎2019-07-18 15:34

Yes we are using LDAPS. I will see if I can add a job to one of the drivers to test to see if that works around the issue.

Thanks

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.