LDAP Stores :: Ping Search

book

Article ID: 50115

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

LDAP Ping Server thread.

Solution:

The Ping Search thread periodically pings each LDAP directory server instance with which it is associated. The ping actually validates the connection by doing the following LDAP search:

Search is performed with a scope of 0 (base) and specify a single attribute to be returned (objectclass) for e.g :

SRCH base="" scope=0 filter="(objectClass=*)" attrs="objectClass" and the result will be:

RESULT err=0 tag=101 nentries=1 etime=0

The LDAP Ping Timeout search (objectClass=*) for both the Policy and User Store directory use the same default value of 10 seconds.

This is also controlled by the registry setting "LDAPPingTimeout" at location :

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug

However the LDAP APIs for Ping Search are different for Policy and User Store.

Policy Store Ping Search uses ldap_search (when LDAPPingTimeout=0) and ldap_search_st (when LDAPPingTimeout > 0)

User Store Ping Search uses ldap_search_ext_s. The Search Timeout values for Policy and User Stores are different.

For Policy and Key Stores, it is default 20 seconds and can be configured through the registry setting "SearchTimeout" at following location :

For Policy Store :

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore

For Key Store :

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapKeyStore

For User Store, it is default 30 seconds and is configurable in the Admin UI.

Environment

Release:
Component: SMPLC