Docker: IAM LDAP Configuration - Not able to sync groups

Article ID: 144813

Updated On:

Products

CLOUDTEST, CA Application Test, CA Cloud Test Mobile, MOBILECLOUD, Service Virtualization

Issue/Introduction

The IAM container (sv-docker.packages.ca.com/sv/iaam) crashes when performing an AD group sync.

Cause

There are too many AD groups to sync.
IAM is timing out.
The default timeout is 5 minutes.

Environment

Release : 10.5.1

Component : CA Service Virtualization

Resolution

1) In the IAM installed/upgraded folder, add or increase the timeouts to 1800 (i.e., 30 min) in standalone.xml (/IdentityAccessManager/standalone/configuration/standalone.xml)
for the "jboss.as.management.blocking.timeout" system property, the "deployment-scanner" property, and the JTA transaction timeout limit, as shown below.
Set the timeout value depending on the number of users and groups.

standalone.xml:
...
<system-properties>
    <property name="iam.truststore.password" value="${iam.truststore.password}"/>
    <!-- blocking timeout for management operations, in seconds -->
    <property name="jboss.as.management.blocking.timeout" value="1800"/>
</system-properties>
...
<profile>
...
    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
        <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" deployment-timeout="1800" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
    </subsystem>
...
    <subsystem xmlns="urn:jboss:domain:transactions:4.0">
        <core-environment><process-id><uuid/></process-id></core-environment>
        <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
        <!-- JTA transaction timeout, in seconds -->
        <coordinator-environment default-timeout="1800"/>
        <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
    </subsystem>
...
</profile>
...

2) Use the LDAP group filter to target specific AD groups.
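
To confirm that all three timeouts from step 1 are actually in place after the edit, the following added example (not part of the original article or the product) reads a standalone.xml and reports any of the three that is missing or below the target. The sample document is constructed, and the `iam.tx.timeout` property and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the excerpt above (not a full standalone.xml).
# "iam.tx.timeout" is a hypothetical property used to show ${name:default} values.
SAMPLE = """<server xmlns="urn:jboss:domain:5.0">
  <system-properties>
    <property name="jboss.as.management.blocking.timeout" value="1800"/>
  </system-properties>
  <profile>
    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
      <deployment-scanner path="deployments" scan-interval="5000"/>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:transactions:4.0">
      <coordinator-environment default-timeout="${iam.tx.timeout:300}"/>
    </subsystem>
  </profile>
</server>"""

def _seconds(raw):
    """Return an int for '1800' or for the default in '${name:1800}', else None."""
    if raw is None:
        return None
    m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}|(\d+)", raw.strip())
    return int(m.group(1) or m.group(2)) if m else None

def read_timeouts(xml_text):
    """Collect the three timeouts from the article, ignoring schema versions."""
    found = {"blocking": None, "deployment": None, "transaction": None}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the '{namespace}' prefix
        if tag == "property" and el.get("name") == "jboss.as.management.blocking.timeout":
            found["blocking"] = _seconds(el.get("value"))
        elif tag == "deployment-scanner":
            found["deployment"] = _seconds(el.get("deployment-timeout"))
        elif tag == "coordinator-environment":
            found["transaction"] = _seconds(el.get("default-timeout"))
    return found

def below_target(xml_text, target=1800):
    """Names of timeouts that are missing, unparsable or lower than target."""
    return sorted(k for k, v in read_timeouts(xml_text).items() if v is None or v < target)

if __name__ == "__main__":
    print(read_timeouts(SAMPLE), below_target(SAMPLE))
```

A value of `None` means the attribute is absent or not a plain number, so the server default applies to that setting.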

Additional Information

To configure the LDAP group filter, see:
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=134302