Super Contributor.

How to change the IDM LDAP driver timeout settings

My question is this: is there a way to change the timeout(s) used by the LDAP driver to shorten the time it waits for a response from the remote system? Here is a little background on my issue and setup.

I have some IDM LDAP drivers connecting to some Oracle Unified Directory (OUD) instances. Sometimes the OUD instances do not respond to queries for some reason that the OUD admin cannot pin down. This causes the driver to stop processing everything on the subscriber channel until a timeout of 15 minutes is reached, at which point it finishes the transaction it was doing and continues on. This causes issues, especially if someone changes a password and that transaction gets queued with all the other transactions waiting for the query to time out. I am guessing this is probably a Java setting or something that needs to be modified, but I am not sure, so I am looking for some help/input from people far more skilled at the LDAP driver than I am. 🙂

Micro Focus Expert

Hi,

Do you have a firewall between LDAP driver shim and OID? I've seen cases where the firewall would just drop TCP sessions that have been idle for a while without sending out a RST to both endpoints.

Norbert

Super Contributor.

Yeah, there are actually firewalls and load balancers, as the OUD servers are clustered behind a load balancer. So that is one of the reasons the OUD admin has been having trouble tracking down the source of the issue. I will let him know to include the network team in his troubleshooting to see if they can do some packet captures to see if they can catch it. Just hoping there is something I can do in the meantime to work around the issue until they are able to pinpoint the cause and resolve it.

Thanks

Knowledge Partner

Do you use an LDAPS connection to your LDAP server?

I believe that it is related to the Subscriber channel "opened" session being "killed" by the FW.

Knowledge Partner

My workaround for a "similar" situation: a scheduled job that initiates a query every 10 minutes (this "protects" the session from being killed by the FW, which doesn't see traffic and closes the session without notification according to its own timeout settings).

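Added example, not part of any post in this thread and not IDM driver code: a plain-TCP sketch of the two mechanisms discussed above, kernel keepalive so an idle session keeps producing traffic, and a heartbeat request with a bounded read timeout so a silently dropped session fails fast instead of blocking. The function names, the `b"ping"` request, the timer values and the local stand-in server are all constructed for illustration; a real job would issue an LDAP query instead.

```python
import socket
import threading
import time

def enable_keepalive(sock, idle_s, interval_s, probes):
    """Turn on kernel TCP keepalive; return worst-case seconds to notice a dead peer."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if hasattr(socket, "TCP_KEEPIDLE"):  # Linux option names; other platforms differ
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return idle_s + interval_s * probes

def heartbeat(sock, request, read_timeout_s):
    """Send one cheap request; True only if a reply arrives within read_timeout_s."""
    sock.settimeout(read_timeout_s)
    try:
        sock.sendall(request)
        return bool(sock.recv(4096))
    except OSError:  # includes socket.timeout: no answer, treat session as dead
        return False

def stand_in_server(listener, answer):
    """Constructed peer: answers, or swallows the request like a dropped session."""
    conn, _ = listener.accept()
    conn.recv(4096)
    if answer:
        conn.sendall(b"ok")
    time.sleep(1.0)
    conn.close()

def demo(answer, read_timeout_s=0.5):
    """Return (heartbeat_ok, elapsed_seconds) against the local stand-in server."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=stand_in_server, args=(listener, answer), daemon=True).start()
    client = socket.create_connection(listener.getsockname())
    # Constructed values: first probe after 5 minutes idle, then 3 probes 30 s apart
    enable_keepalive(client, idle_s=300, interval_s=30, probes=3)
    start = time.monotonic()
    ok = heartbeat(client, b"ping", read_timeout_s)
    elapsed = time.monotonic() - start
    client.close()
    listener.close()
    return ok, elapsed

if __name__ == "__main__":
    print(demo(answer=True))   # healthy session
    print(demo(answer=False))  # silent session: fails after the read timeout
```

Keepalive only helps if the idle time before the first probe is shorter than the firewall's idle timeout, and the read timeout is what bounds how long a request can block once the session is already gone.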
Super Contributor.

Yes, we are using LDAPS. I will see if I can add a job to one of the drivers to test to see if that works around the issue.

Thanks
