How to change the IDM LDAP driver timeout settings
My question is this, is there a way to change the timeout(s) used by the LDAP driver to shorten the time it waits for a response from the remote system? Here is a little background on my issue and setup.
I have some IDM LDAP drivers connecting to some Oracle Unified Directory (OUD) instances. Sometimes the OUD instances do not respond to queries for some reason that the OUD admin can not pin down. This causes the driver to stop processing everything on the subscriber channel until a timeout of 15 minutes is reached. At which point it finishes the transaction it was doing and continues on. This causes issues especially if someone changes a password and that transaction gets queued with all the other transactions waiting for the query to time out. I am guessing this is probably a java setting or something that needs to be modified but not sure so looking for some help/input from people far more skilled at the LDAP driver than I am. 🙂
do you have a firewall between LDAP driver shim and OID? I've seen cases where the firewall would just drop TCP sessions that have been idle for a while without sending out a RST to both endpoints.
Yeah, there is actually firewalls and load balancers as the OUD servers are clustered behind a load balancer. So that is one of the reasons the OUD admin has been having trouble tracking down the source of the issue. I will let him know to include the network team in his troubleshooting to see if they can do some packet captures to see if they can catch it. Just hoping there is something I can do in the meantime to work around the issue until they are able to pinpoint the cause and resolve it.
My workaround for "similar" situation - scheduled job, that initiate query every 10 minutes (and it "protect" this session from killing by FW, that didn't see traffic and close session without notification according to own timeout settings.