msmps
193 Posts

Pinned topic AAA LDAP timeout

2013-04-29T16:42:32Z

Trying to use AAA and connect to LDAP. Everything is working fine. Today our LDAP is down. 

So we are trying to check the following in AAA:

Does the current timeout that applies to the service (default 120 sec) apply to LDAP access as well? If not, can DP be configured with a timeout for it?

 

But we didn't find anything to set this value. And as per the logs, we got an error after 3 minutes saying:

 

Unable to connect to LDAP server 'x.y.z': TCP connection failed.

But until then nothing gets executed, neither the normal timeout nor the error rule.

 

Any inputs on how to approach this?

Updated on 2013-04-29T17:49:29Z by msmps
  • swlinn
    1348 Posts

    Re: AAA LDAP timeout

    ‏2013-04-29T18:26:02Z  

    For your LDAP connection, I believe this is driven by your service's user agent timeout, which I believe is quite lengthy (5 minutes). Now if your front side timeout is 120 seconds, then the request will be abandoned when the front side timeout fires first, before your user agent timeout. You should specify reasonable timeout values, as 2 or 5 minutes is an eternity.

    Regards,

    Steve

  • msmps
    193 Posts

    Re: AAA LDAP timeout

    ‏2013-04-29T20:30:15Z  
    It seems the user agent timeout is not related to LDAP. I tried changing the user agent's time to less than 2 minutes, but this didn't get used. Connecting with LDAP took 3 minutes or so and failed.

  • kenhygh
    1607 Posts

    Re: AAA LDAP timeout

    ‏2013-04-30T12:23:04Z  
    There's no LDAP-specific setting in current levels of firmware.

    V6.0, just announced, contains a setting for LDAP timeouts.

    Ken

  • ABR4_vidapankal_shafi
    6 Posts

    Re: AAA LDAP timeout

    ‏2014-04-20T08:43:20Z  
    How did this issue get fixed? Please let me know.

  • Trey
    225 Posts

    Re: AAA LDAP timeout

    ‏2014-04-21T23:29:04Z  

    Just as Ken noted above, the best method to resolve LDAP connection behavior or misbehavior is to use firmware version 6.0 or higher and use some of the new features:

    http://pic.dhe.ibm.com/infocenter/wsdatap/v6r0m0/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fldapconnectionpoolcommands.html

    Specifically, the idle-timeout and pool size can help a lot.

    Hope that helps.