geistc Valued Contributor.

How to change the IDM LDAP driver timeout settings

My question is this: is there a way to change the timeout(s) used by the LDAP driver to shorten the time it waits for a response from the remote system? Here is a little background on my issue and setup.

I have some IDM LDAP drivers connecting to some Oracle Unified Directory (OUD) instances. Sometimes the OUD instances do not respond to queries for some reason that the OUD admin cannot pin down. This causes the driver to stop processing everything on the subscriber channel until a timeout of 15 minutes is reached, at which point it finishes the transaction it was doing and continues on. This causes issues, especially if someone changes a password and that transaction gets queued with all the other transactions waiting for the query to time out. I am guessing this is probably a Java setting or something that needs to be modified, but I am not sure, so I am looking for some help/input from people far more skilled at the LDAP driver than I am. 🙂

5 Replies
Micro Focus Expert

Re: How to change the IDM LDAP driver timeout settings

Hi,

Do you have a firewall between the LDAP driver shim and OID? I've seen cases where the firewall would just drop TCP sessions that have been idle for a while without sending out a RST to both endpoints.

Norbert

geistc Valued Contributor.

Re: How to change the IDM LDAP driver timeout settings

Yeah, there are actually firewalls and load balancers, as the OUD servers are clustered behind a load balancer. So that is one of the reasons the OUD admin has been having trouble tracking down the source of the issue. I will let him know to include the network team in his troubleshooting to see if they can do some packet captures to see if they can catch it. Just hoping there is something I can do in the meantime to work around the issue until they are able to pinpoint the cause and resolve it.

Thanks

Knowledge Partner

Re: How to change the IDM LDAP driver timeout settings

Do you use an LDAPS connection to your LDAP server?

I believe that it is related to the Subscriber channel's "opened" session being "killed" by the FW.

Knowledge Partner

Re: How to change the IDM LDAP driver timeout settings

My workaround for a "similar" situation: a scheduled job that initiates a query every 10 minutes (it "protects" this session from being killed by the FW, which doesn't see traffic and closes the session without notification according to its own timeout settings).
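
The failure mode discussed in this thread, as an added example that is not part of the original posts and not IDM driver configuration: a peer that goes silent without sending FIN or RST, and a periodic probe with a bounded read timeout that notices it quickly. It uses plain TCP on localhost instead of LDAP; all function names and the short intervals are assumptions chosen so the simulation runs in about a second.

```python
import socket
import threading
import time

def start_flaky_server(answers_before_silence=1):
    """Constructed stand-in for a directory behind a firewall: answers N requests,
    then keeps the TCP connection open but never replies again (no FIN, no RST)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        answered = 0
        while True:
            data = conn.recv(1024)
            if not data:
                break
            if answered < answers_before_silence:
                conn.sendall(b"OK\n")
                answered += 1
            # otherwise swallow the request silently, like a dropped flow

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def probe(sock, read_timeout):
    """Send one cheap request and wait at most read_timeout seconds for the reply."""
    sock.settimeout(read_timeout)
    try:
        sock.sendall(b"PING\n")
        return sock.recv(1024) == b"OK\n"
    except OSError:  # includes the read timeout
        return False

def keep_session_alive(addr, interval, read_timeout, rounds):
    """Probe every `interval` seconds; returns a list of (ok, seconds_waited)."""
    sock = socket.create_connection(addr, timeout=read_timeout)
    results = []
    for _ in range(rounds):
        started = time.monotonic()
        ok = probe(sock, read_timeout)
        results.append((ok, round(time.monotonic() - started, 1)))
        if not ok:
            sock.close()  # a real job would reopen the connection here
            break
        time.sleep(interval)
    return results

if __name__ == "__main__":
    print(keep_session_alive(start_flaky_server(), 0.1, 0.5, 3))
```

The second probe fails after the 0.5 second read timeout; without a read timeout the same `recv` would block until the operating system or application gave up on the connection.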

geistc Valued Contributor.

Re: How to change the IDM LDAP driver timeout settings

Yes, we are using LDAPS. I will see if I can add a job to one of the drivers to test to see if that works around the issue.

Thanks
