Description:
LDAP Ping Server thread.
Solution:
The Ping Search thread periodically pings each LDAP directory server instance with which it is associated. The ping validates the connection by performing an LDAP search with a scope of 0 (base) that requests a single attribute (objectClass), for example:
SRCH base="" scope=0 filter="(objectClass=*)" attrs="objectClass"
The result will be:
RESULT err=0 tag=101 nentries=1 etime=0
The LDAP Ping Timeout for this search (objectClass=*) uses the same default value of 10 seconds for both the Policy Store and User Store directories.
This is also controlled by the registry setting "LDAPPingTimeout" at the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug
However, the LDAP APIs used for the Ping Search are different for the Policy Store and the User Store.
Policy Store Ping Search uses ldap_search (when LDAPPingTimeout=0) and ldap_search_st (when LDAPPingTimeout > 0).
User Store Ping Search uses ldap_search_ext_s.
The Search Timeout values for Policy and User Stores are different.
For Policy and Key Stores, the default is 20 seconds and it can be configured through the registry setting "SearchTimeout" at the following locations:
For Policy Store:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore
For Key Store:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapKeyStore
For the User Store, the default is 30 seconds and it is configurable in the Admin UI.
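
To confirm from the directory side that pings are being answered within the LDAP Ping Timeout, the SRCH/RESULT pair described above can be matched in the directory server's access log. The following Python script is an added example, not part of the original article or of the product; it assumes each SRCH and RESULT record is preceded by conn= and op= identifiers, and its sample log lines are constructed.

```python
import re

# The ping search from the article. The conn=/op= prefix is an assumption about
# the access-log layout. Any other client running the same search also matches.
PING = 'SRCH base="" scope=0 filter="(objectClass=*)" attrs="objectClass"'
SRCH_RE = re.compile(r"conn=(\d+) op=(\d+) " + re.escape(PING), re.IGNORECASE)
RESULT_RE = re.compile(
    r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=101 nentries=(\d+) etime=([\d.]+)")

def check_pings(lines, ping_timeout=10.0):
    """Pair each ping SRCH with its RESULT and classify the outcome."""
    pending, report = {}, []          # pending: (conn, op) -> index into report
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            pending[key] = len(report)
            report.append({"conn": key[0], "op": key[1],
                           "etime": None, "status": "no_result"})
            continue
        m = RESULT_RE.search(line)
        if not m or (int(m.group(1)), int(m.group(2))) not in pending:
            continue                  # not a RESULT, or RESULT of a non-ping operation
        entry = report[pending.pop((int(m.group(1)), int(m.group(2))))]
        err, nentries = int(m.group(3)), int(m.group(4))
        entry["etime"] = float(m.group(5))
        if err != 0 or nentries != 1:
            entry["status"] = "failed"
        elif entry["etime"] >= ping_timeout:
            entry["status"] = "slow"  # answered, but not within the ping timeout
        else:
            entry["status"] = "ok"
    return report

# Constructed sample access-log lines (not taken from a real server).
TS = "[10/Jan/2024:09:00:00 +0000] "
SAMPLE_LOG = [
    TS + "conn=7 op=1 " + PING,
    TS + "conn=7 op=1 RESULT err=0 tag=101 nentries=1 etime=0",
    TS + 'conn=7 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="cn"',
    TS + "conn=7 op=2 RESULT err=0 tag=101 nentries=1 etime=0",
    TS + "conn=7 op=3 " + PING,
    TS + "conn=7 op=3 RESULT err=0 tag=101 nentries=1 etime=12",
    TS + "conn=9 op=1 " + PING,
    TS + "conn=9 op=1 RESULT err=51 tag=101 nentries=0 etime=0",
    TS + "conn=9 op=2 " + PING,   # no RESULT logged for this ping
]

if __name__ == "__main__": print(*check_pings(SAMPLE_LOG), sep="\n")
```

Pass the configured LDAPPingTimeout value as ping_timeout when it differs from the 10-second default.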