Modifying an LDAP Connector Connection Time-out

Troubleshooting

Problem

If the LDAP Connector cannot establish a connection, the connector will time-out. Although based on the Operating System TCP settings, this time-out can exceed many minutes.

Symptom

If a target host is not available (or not reachable) the LDAP connector will take 'x' minutes to detect the connection has been lost. An error similar to the following will occur in the log.

CTGDIS044I Initializing Connector.
CTGDJQ009I No binary attributes specified using default: photo personalSignature audio jpegPhoto javaSerializedData thumbnailPhoto thumbnailLogo userPassword userCertificate authorityRevocationList certificateRevocationList crossCertificatePair x500UniqueIdentifier objectGUID objectSid deltaRevocationList.

CTGDIS495I handleException , initialize, havax.naming.CommunicationException: hostname:389 [Root exception is java.net.UnknownHostException: hostname]

Upon a review of the ibmdi.log, the system administrator may notice a large gap of time in regards to the timestamp found after the 'CTGDJQ009I No binary attributes specified using default' log message.

Cause

By default, the time-out of a connection attempt in the LDAP Connector relies on the Operating System TCP time-out setting.

Note: The LDAP Connector provides a 'Time Limit' parameter on the Connection Tab > Advanced Section. This parameter handles the time limit for a 'search', which is not related to the Connector's initial connection attempt time-out setting.

Resolving The Problem

To override the default behavior of the Connector's default setting to rely on the Operating System TCP time-out setting, perform the following:

In the Advanced section of the LDAP Connector's Connection tab, there is a section named "Extra Provider Parameters". In the entry box, add the following line:

com.sun.jndi.ldap.connect.timeout:500

This value is in milliseconds, so 500 milliseconds = half second. The connection will be established within this period, or the connection is aborted. Once a connection error is reported, i.e. the connection is aborted, then TDI will proceed based on the rules defined on the Connection Errors tab.

For more information please refer to the 'Provider-specific Properties' section at the Related URL below.

Related Information

LDAP Naming Service Provider for the JNDI

[{"Product":{"code":"SSCQGF","label":"Tivoli Directory Integrator"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.1;7.1;7.0;6.1.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

ISDI;TDI;ITDI

Was this topic helpful?

Document Information

Modified date:
16 June 2018

UID

swg21618170

Tips