UDS reports a read timeout while searching for a user in the backend CA Directory

Article ID: 246642

Products

CA Strong Authentication

Issue/Introduction

UDS connects to the CA Directory nodes through an NLB. The UDS log shows the following errors:

2022-07-15 14:13:46,511 HKT : [https-jsse-nio2-0.0.0.0-8443-exec-3] : DEBUG : usermgmt.db.LDAPUserService : [N/A] : [206183d4-7005-498a-aaba-8caae91e9445] : Initializing User Manager
...
2022-07-15 14:13:46,514 HKT : [https-jsse-nio2-0.0.0.0-8443-exec-3] : ERROR : ldap.impl.LDAPUserDAOImpl : Context error 'LDAP response read timed out, timeout used:-1ms.'
2022-07-15 14:13:46,514 HKT : [https-jsse-nio2-0.0.0.0-8443-exec-3] : WARN  : ldap.usermgmt.LDAPUserRepositoryImpl : [N/A] : [206183d4-7005-498a-aaba-8caae91e9445] : [50031] : Search base node context needs tobe bound.

 

Environment

Release : 9.1

Component : AuthMinder(Arcot WebFort)

Cause

The likely cause is that the LDAP connection pool idle timeout is longer than the backend idle timeout, so the backend terminates the connection without notifying the AA server.

Resolution

After we tuned the LDAP pool timeout setting to less than half of the backend NLB idle timeout (350 seconds), the issue no longer occurred.

The LDAP pool timeout can be configured in Tomcat's catalina.properties file, for example (the value is in milliseconds):

com.sun.jndi.ldap.connect.pool.timeout=100000
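
One way to check a catalina.properties file against the rule above before restarting Tomcat, as an added example that is not Broadcom's code. The function names and the sample file contents are constructed for illustration; the property name and the 350-second NLB idle timeout come from this article.

```python
import re

# Property named in the article; the value is in milliseconds.
POOL_KEY = "com.sun.jndi.ldap.connect.pool.timeout"


def read_properties(text):
    """Parse simple Java .properties text; continuation lines are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()  # last occurrence wins
    return props


def check_pool_timeout(properties_text, nlb_idle_seconds):
    """Return (ok, message): pool timeout must be under half the NLB idle timeout."""
    limit_ms = nlb_idle_seconds * 1000 // 2
    value = read_properties(properties_text).get(POOL_KEY)
    if value is None:
        # JNDI default: no idle timeout, so pooled connections outlive the NLB's.
        return False, f"{POOL_KEY} is not set (no idle timeout)"
    try:
        timeout_ms = int(value)
    except ValueError:
        return False, f"{POOL_KEY}={value!r} is not an integer"
    if timeout_ms <= 0:
        return False, f"{POOL_KEY}={timeout_ms} is not a positive value"
    if timeout_ms >= limit_ms:
        return False, f"{timeout_ms} ms is not below the {limit_ms} ms limit"
    return True, f"{timeout_ms} ms is below the {limit_ms} ms limit"


# Constructed sample input, not a real catalina.properties file.
SAMPLE = """\
# Tomcat settings (constructed)
tomcat.util.buf.StringCache.byte.enabled=true
com.sun.jndi.ldap.connect.pool.timeout = 100000
"""

if __name__ == "__main__":
    print(check_pool_timeout(SAMPLE, nlb_idle_seconds=350))
```

Because the setting is read as a Java system property, the check should be run against the catalina.properties of the Tomcat instance that actually hosts UDS.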

 

Additional Information

https://knowledge.broadcom.com/external/article?articleId=40225