LDAP related Error: some queries from SiteMinder fail during a search when connecting to an LDAP SunOne/Red Hat Directory Server as policy store and give the error below: [CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" "(&(xpsNumber=*)(!(xpsCategory

Article ID: 49082

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

The policy server fails to complete LDAP search queries when connected to a SunOne Directory Server or Red Hat Directory Server and throws the errors below:

[14725/-382837872][Tue May 22 2012 10:49:34][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(xpsNumber=*)", text: Timed out 

[14725/-407159920][Tue May 22 2012 11:08:50][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(&(xpsNumber=*)(!(xpsCategory=1))(modifytimestamp>=0))", text: Timelimit exceeded 

This indicates that the search the policy server was running did not complete and timed out. This makes the policy server slow when changes are made, especially through the WAMUI.

Solution:

To resolve these errors, add the registry entry below to sm.registry on Linux, or to the registry on Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=330553292

SearchTimeout= 0x258; REG_DWORD

This increases the LDAP search timeout; the value can be higher depending on the environment. The LDAP servers may also need further tuning:

  1. Make sure that the LDAP cache on the LDAP server is sized properly.

    Consider increasing it if it is at 100%.

  2. "nsslapd-allidsthreshold" (default is 4,000). Increase it to 20,000. You might need to increase it further.

  3. Possibly consider the following SunOne parameter: nsslapd-search-tune

    Set it to 59.
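
To check whether the errors actually stop once the SearchTimeout change and the directory tuning are in place, the policy server log can be summarized per search filter and error text. The following is an added example, not part of the original article or of any CA tooling; the function names `parse_ldap0014` and `summarize` are hypothetical, the line layout is inferred from the two log lines quoted above, and the sample input mixes those two lines with two constructed ones.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from the two log lines quoted in the article:
# [pid/tid][timestamp][CA.XPS:LDAP0014][ERROR] Error occurred during "<op>" for "<filter>", text: <reason>
LDAP0014 = re.compile(
    r'^\[(?P<pid>\d+)/(?P<tid>-?\d+)\]\[(?P<ts>[^\]]+)\]'
    r'\[CA\.XPS:LDAP0014\]\[ERROR\] Error occurred during "(?P<op>[^"]+)" '
    r'for "(?P<filter>.*)", text: (?P<reason>.*)$'
)
TS_FORMAT = "%a %b %d %Y %H:%M:%S"  # e.g. Tue May 22 2012 10:49:34

# First and third lines are the article's; the other two are constructed for the example.
SAMPLE = [
    '[14725/-382837872][Tue May 22 2012 10:49:34][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(xpsNumber=*)", text: Timed out ',
    '[14725/-382837872][Tue May 22 2012 10:50:02][CONSTRUCTED][INFO] unrelated line',
    '[14725/-407159920][Tue May 22 2012 11:08:50][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(&(xpsNumber=*)(!(xpsCategory=1))(modifytimestamp>=0))", text: Timelimit exceeded ',
    '[14725/-407159920][Tue May 22 2012 11:30:00][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(xpsNumber=*)", text: Timed out',
]


def parse_ldap0014(line):
    """Return a dict for a CA.XPS:LDAP0014 error line, or None for any other line."""
    m = LDAP0014.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    return rec


def summarize(lines, since=None):
    """Count errors per (operation, filter, reason); `since` keeps only later entries."""
    counts = Counter()
    for line in lines:
        rec = parse_ldap0014(line)
        if rec and (since is None or rec["ts"] >= since):
            counts[(rec["op"], rec["filter"], rec["reason"])] += 1
    return counts


if __name__ == "__main__":
    # Compare totals before and after the time the SearchTimeout change went live.
    changed_at = datetime(2012, 5, 22, 11, 0, 0)  # constructed cut-over time
    for label, c in (("all", summarize(SAMPLE)), ("since change", summarize(SAMPLE, changed_at))):
        print(label, dict(c))
```

Passing the time of the change as `since` shows whether any filter is still failing afterwards, which is the cue to raise the timeout further or continue with the directory-side tuning listed above.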

Environment

Release:
Component: SMPLC