Anonymous_User Absent Member.
Absent Member.
539 views

Ldap timeout Code map refresh

Hi,

I get a LDAP response read timeout on refreshing Code Map, but only on the Active Directory entitlements.

We have a group entitlement on the Active Directory driver with a large amount of groups, A normal code map refresh on our old
system has a running time of 5-10 minutes.
In our new installed User Application 4.0.2, the refresh is never waiting for the result from the Active Directory driver query,
it always timed out after 15 seconds.

I have tried to change the "com.novell.ldap.timeout" value, but only lower values (<15000 ms) do effect the codemap refresh timeout.
I see this error: "LDAP response read timed out, timeout used:-1ms."
In the TCP trace, I can see the Jboss-server is closing the connection, not the LDAP server.

Versions in Use:
NetIQ eDirectory 8.8.8
NetIQ Identity Manager 4.0.2 P6
NetIQ Identity Manager Roles Based Provisioning Module 4.0.2 Patch E
jboss on jre-7u79-linux-x64

Can there be an other reason for this 15 sec. timeout.

Thanks
Labels (1)
0 Likes
5 Replies
nickleloup Absent Member.
Absent Member.

Re: Ldap timeout Code map refresh


Hi,

There exists a edir2edir timeout when the ua-diver and the queried
driver are on different servers:
See this TID: https://www.novell.com/support/kb/doc.php?id=7016248 (but
this was always 115 seconds)

But i would also look at the driver trace why the group query takes so
long, it should be a lot faster.
When you do this query directly in AD does it also take several
minutes?
I had the same problem with our AD, the query only took 2 second but an
input policy (itp-EntitlementsImpl) toke several minutes to process the
results, a newer version of the AD package had a "fixed"
itp-EntitlementsImpl ruleset which worked faster, see my old thread for
details:
http://tinyurl.com/n9wahv4

Also disable driver-Trace after debugging else the query will also take
too long 😉

Kind Regards,
Gilles


--
nickleloup
------------------------------------------------------------------------
nickleloup's Profile: https://forums.netiq.com/member.php?userid=5862
View this thread: https://forums.netiq.com/showthread.php?t=53705

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Ldap timeout Code map refresh

Hi,

This is a bug in jre-7u79.
I have installed an older patchlevel, jre-7u21-linux-x64 to get it solved.

More info about the problem:
http://stackoverflow.com/questions/30473797/jndi-naming-exception-on-jre7


0 Likes
Knowledge Partner
Knowledge Partner

Re: Ldap timeout Code map refresh

On 6/24/2015 1:25 PM, wlouwers2 wrote:
> Hi,
>
> This is a bug in jre-7u79.
> I have installed an older patchlevel, jre-7u21-linux-x64 to get it solved.
>
> More info about the problem:
> http://stackoverflow.com/questions/30473797/jndi-naming-exception-on-jre7


How interesting. this is the JVM for UA? Not the eDir JVM in nds-modules?


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Ldap timeout Code map refresh

Geoffrey Carman schreef op 24-6-2015 om 20.13:
> On 6/24/2015 1:25 PM, wlouwers2 wrote:
>> Hi,
>>
>> This is a bug in jre-7u79.
>> I have installed an older patchlevel, jre-7u21-linux-x64 to get it solved.
>>
>> More info about the problem:
>> http://stackoverflow.com/questions/30473797/jndi-naming-exception-on-jre7

>
> How interesting. this is the JVM for UA? Not the eDir JVM in nds-modules?
>
>


When installing the User Application and update to patchlevel E, the release notes tell us how to upgrade RBPM to Java 1.7.
RBPM is tested with jdk1.7.0_21 but this specific release is almost impossible to download from Oracle site. You get automatically
the latest release.

This is the direct link:
http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html#jre-7u21-oth-JPR



0 Likes
Anonymous_User Absent Member.
Absent Member.

Operational attributes in DAL

Hi,

I want to read the modifyTimestamp from a user in my workflow.
When I try to extend the DAL user entity, the attribuut is not available. I see other operational attributes are available like
ModifiersName. But why is modifyTimestamp missing there?

Is it possible to lookup this in a workflow in User Application 4.02?


Thanks

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.