Many connections to CA Directory Server are in CLOSE_WAIT state.

book

Article ID: 52434

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

We are using CA Directory with Policy Server in high availability architecture and seeing many connections to the directory in CLOSE_WAIT state.

I need to reboot the Policy Server to get those connect away from CLOSE_WAIT state. How could I fix it?

Solution:

You will need to configure the following parameters for CA DSA according to your architecture and fitting to your needs:

  • Max-users
  • user-idle-time
  • credits
  • mimic-netscape-for-siteminder
  • hold-ldap-connections = true
  • concurrent-bind-user

This last variable concurrent-bind-user should contain the users DN which uses SM to connect to DSA. This option can be found in page 52 of CA Directory r8.1 (Directory_Admin_ENU.pdf), section Process Concurrent Binds from SiteMinder.

Environment

Release:
Component: SMPLC