When we run "Refresh Accounts" on an AD account from IM via Modify User's Endpoint Account, the operation times out.
Release : 14.5.1
Component : CA Identity Manager
For an AD account, IM sends 5 search requests when we run a refresh accounts operation.
The query that introduces the delay is the 5th one, which takes up to 5 min.
20:57:43,650 FINER [com.ca.commons.jndi.beans.operations] (default task-2) Search[228] Started: base=eTADSDirectoryName=Test,eTNamespaceName=ActiveDirectory,dc=im,dc=eta filter=(&(&(eTADTestDomain=*)(eTADTestNumber=*)(&(eTADTestDomain=test)(eTADTestNumber=10000)))(objectClass=eTADSGroup)) controls=[scope=subtree, returning objects=false, count limit=0, time limit=0, return=eTAllowPartialResult,eTID]
Since query #3 returned a value for eTADTestDomain and eTADTestNumber (Unix attributes), IM searches for the corresponding group in AD, and retrieving it from the test domain takes a long time.
20:57:42,587 FINER [com.ca.commons.jndi.beans.operations] (default task-2) Search[241] Started: base=eTADSAccountName=Test123,eTADSOrgUnitName=Test,eTADSOrgUnitName=Test,eTADSOrgUnitName=Test,eTADSOrgUnitName=Users,eTADSOrgUnitName=Test,eTADSDirectoryName=Test,eTNamespaceName=ActiveDirectory,dc=im,dc=eta filter=(objectClass=*) controls=[scope=object, returning objects=false, count limit=0, time limit=0, return=eTCreateDate,eTCreateTime,.......etc.,eTADTestDomain,eTADTestNumber]
Engineering provided a hot fix (HF-DE617654.zip) to resolve this issue as part of defect DE617654. If you face the same issue, please create a support ticket and request the fix.
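To check whether a server log shows the same pattern, the "Search[N] Started" lines quoted above can be parsed and the subtree searches with no limits listed. This is an added example, not code from the product or from Engineering; the function names are hypothetical, the sample lines are constructed in the same format as the excerpts, and reading a limit of 0 as "no limit" (the JNDI convention) is an assumption.

```python
import re

# Shape of the "Search[N] Started" FINER lines quoted in this article.
SEARCH_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+\S+\s+\[[^\]]+\]\s+\((?P<thread>[^)]+)\)\s+"
    r"Search\[(?P<id>\d+)\] Started: base=(?P<base>.*?) filter=(?P<filter>.*) "
    r"controls=\[(?P<controls>.*)\]\s*$"
)

def parse_search(line):
    """Return the fields of one 'Search[N] Started' line, or None if it is another line."""
    m = SEARCH_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Controls are separated by ", "; the return= attribute list uses bare commas.
    controls = dict(c.partition("=")[::2] for c in rec.pop("controls").split(", "))
    rec.update(
        id=int(rec["id"]),
        scope=controls.get("scope"),
        time_limit=int(controls.get("time limit", -1)),
        count_limit=int(controls.get("count limit", -1)),
    )
    return rec

def unbounded_subtree_searches(lines):
    """Subtree searches with time limit=0 and count limit=0 (assumed to mean unlimited)."""
    hits = []
    for line in lines:
        rec = parse_search(line)
        if rec and rec["scope"] == "subtree" and rec["time_limit"] == 0 and rec["count_limit"] == 0:
            hits.append(rec)
    return hits

# Constructed sample lines, modelled on the two excerpts in this article.
PREFIX = "FINER [com.ca.commons.jndi.beans.operations] (default task-2)"
SUFFIX = "eTNamespaceName=ActiveDirectory,dc=im,dc=eta"
SAMPLE = [
    f"20:57:42,587 {PREFIX} Search[241] Started: base=eTADSAccountName=Test123,{SUFFIX} "
    "filter=(objectClass=*) controls=[scope=object, returning objects=false, "
    "count limit=0, time limit=0, return=eTCreateDate,eTADTestDomain,eTADTestNumber]",
    f"20:57:43,650 {PREFIX} Search[228] Started: base=eTADSDirectoryName=Test,{SUFFIX} "
    "filter=(&(eTADTestDomain=test)(eTADTestNumber=10000)(objectClass=eTADSGroup)) "
    "controls=[scope=subtree, returning objects=false, count limit=0, time limit=0, "
    "return=eTAllowPartialResult,eTID]",
    "20:57:44,001 INFO [org.example] (default task-2) unrelated line",
]

if __name__ == "__main__":
    for rec in unbounded_subtree_searches(SAMPLE):
        print(rec["ts"], f"Search[{rec['id']}]", rec["base"], rec["filter"])
```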