
LDAP driver timing out


We're running IDM 4.0.2, eDir 8.8.7 and iManager 2.7.5

LDAP driver 3.5.16 connected to Oracle Internet Directory

The driver maintains users and groups on OID. We are trying to run a
resync to OID but the driver times out when trying to sync the groups.
The groups are very large, the one it's failing at has over 80,000
members.

Is there an option to increase the connect time? Is this an IDM option
or OID?

The error from the log:

11:12:11 2333F700 Drvrs: Portal (HA) ST:Oracle Portal LDAP (HA):
LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Connection
lost waiting for results from oid.mcgill.ca:389 (91) Connect Error
java.net.SocketException: Connection reset
11:12:11 2333F700 Drvrs: Portal (HA) ST:SubscriptionShim.execute()
returned:
11:12:11 2333F700 Drvrs: Portal (HA) ST:
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20120601_164331" instance="Oracle Portal LDAP (HA)"
version="3.5.16">Identity Manager Driver for LDAP</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status
event-id="pmeta2#20130306204305#99#445:b0b864d7-50a5-470d-8184-d764b8b0a550"
level="retry">LDAP server not running, busy, or otherwise unavailable.
LDAPException: Connection lost waiting for results from
oid.mcgill.ca:389 (91) Connect Error
java.net.SocketException: Connection reset</status>
</output>
</nds>
11:12:11 2333F700 Drvrs: Portal (HA) ST:No input transformation
policies.
11:12:11 2333F700 Drvrs: Portal (HA) ST:Applying schema mapping policies
to input.
11:12:11 2333F700 Drvrs: Portal (HA) ST:Applying policy:
Oracle+Portal+Schema+Mapping.
11:12:11 2333F700 Drvrs: Portal (HA) ST:Resolving association
references.
11:12:11 2333F700 Drvrs: Portal (HA) ST:Requesting 30 second retry
delay.
11:12:12 2333F700 Drvrs: Portal (HA) ST:
DirXML Log Event -------------------
Driver: \META-TREE\McGill\DriverSets\McGill\Oracle Portal LDAP (HA)
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating
that the operation should be retried later. Detail from driver: LDAP
server not running, busy, or otherwise unavailable. LDAPException:
Connection lost waiting for results from oid.mcgill.ca:389 (91) Connect
Error
java.net.SocketException: Connection reset


--
pdoig

Re: LDAP driver timing out

"Connection reset" usually originates on the server side of the
connection but could also be caused by a firewall, proxy, or load balancer.

--
Shon

Re: LDAP driver timing out


So the driver should be able to resync a group of that size to OID?


--
pdoig

Re: LDAP driver timing out

On 3/7/13 11:44 AM, pdoig wrote:
>
> so the driver should be able to resync a group of that size to OID?
>
>


Shouldn't be a problem other than maybe not having a high enough max
heap size configured, but the error you're getting wouldn't be caused by that.

But this looks promising as the cause and the cure:

http://docs.oracle.com/cd/E21764_01/core.1111/e10108/oid.htm#autoId20

You should probably also Google for tuning tips for OID large static groups.
--
Shon

Re: LDAP driver timing out


Thanks! I'll speak to our DBAs.


--
pdoig

Re: LDAP driver timing out

On Thu, 07 Mar 2013 17:14:02 +0000, pdoig wrote:

> 11:12:11 2333F700 Drvrs: Portal (HA) ST:Oracle Portal LDAP (HA):
> LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Connection
> lost waiting for results from oid.mcgill.ca:389 (91) Connect Error
> java.net.SocketException: Connection reset


That looks to me like OID is killing the connection.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
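
Added example, not part of the thread: a small Python triage over the driver trace that separates a peer reset (what the replies above point to) from a local read timeout, after rejoining the hard-wrapped trace lines. The first trace entry is the one from the original post; the second entry, its host name, and the verdict labels are constructed for contrast.

```python
import re

# The first entry is the trace from the original post, hard-wrapped as posted.
# The last entry is constructed for contrast (hypothetical host and message).
TRACE = """\
11:12:11 2333F700 Drvrs: Portal (HA) ST:Oracle Portal LDAP (HA):
LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Connection
lost waiting for results from oid.mcgill.ca:389 (91) Connect Error
java.net.SocketException: Connection reset
11:12:11 2333F700 Drvrs: Portal (HA) ST:Requesting 30 second retry
delay.
11:20:00 2333F700 Drvrs: Portal (HA) ST:Oracle Portal LDAP (HA):
LDAPException: Connection lost waiting for results from
ldap.example.test:389 (91) Connect Error
java.net.SocketTimeoutException: Read timed out
"""

ENTRY_START = re.compile(r"^\d{2}:\d{2}:\d{2} [0-9A-F]{8} ")
LDAP_ERR = re.compile(r"LDAPException: .*? from (\S+):(\d+) \((\d+)\)")
JAVA_EXC = re.compile(r"java\.net\.(\w+): (.+)$")

def entries(trace):
    """Rejoin hard-wrapped trace lines into one string per timestamped entry."""
    out = []
    for line in trace.splitlines():
        if ENTRY_START.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def classify(entry):
    """Return (host, port, ldap_code, verdict) for LDAP connection errors, else None."""
    ldap, exc = LDAP_ERR.search(entry), JAVA_EXC.search(entry)
    if not ldap or not exc:
        return None
    name, msg = exc.groups()
    if name == "SocketTimeoutException":
        verdict = "client-timeout"   # the local read timer expired
    elif "Connection reset" in msg:
        verdict = "peer-reset"       # server, firewall, proxy or load balancer closed it
    else:
        verdict = "other"
    return ldap.group(1), int(ldap.group(2)), int(ldap.group(3)), verdict

def triage(trace):
    return [r for r in map(classify, entries(trace)) if r]

if __name__ == "__main__":
    for host, port, code, verdict in triage(TRACE):
        print(f"{host}:{port} LDAP result {code}: {verdict}")
```

A "peer-reset" verdict means raising a client-side timeout will not help; the place to look is the directory server's own limits and anything sitting between the driver and the server.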
