LDAP related Error: some quires fro siteminder when connecting to LDAP Sunone/Redhat Directory Server as policy store fails when doing a search and gives below error[CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" "(&(xpsNumber=*)(!(xpsCategory
Article ID: 49082
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description:
Policy server fails to complete the LDAP search quires when connecting to LDAP sunone Directory server or Redhat Directory Servers and throws below error:
[14725/-382837872][Tue May 22 2012 10:49:34][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(xpsNumber=*)", text: Timed out
[14725/-407159920][Tue May 22 2012 11:08:50][CA.XPS:LDAP0014][ERROR] Error occurred during "SearchExt" for "(&(xpsNumber=*)(!(xpsCategory=1))(modifytimestamp>=0))", text: Timelimit exceeded
This indicates the search policy server was doing was not completed and timed out. This will make policy server slow when we make some changes specially through WAMUI.
Solution:
The solution to these errors add the below registry entry in sm.registry for Linux or add in registry for windows,
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=330553292
SearchTimeout= 0x258; REG_DWORD
This will increase the LDAP search time, this can be more depending upon the envirnoment. LDAP servers may need to be tuned more.
- Make sure that the LDAP cache on the LDAP server is sized properly.
consider increasing if at 100%
- "nsslapd-allidsthreshold" (Default is 4,000). Increase to 20,000. You might need to increase higher.
- Possibly consider the following SunOne parameter: nsslapd-search-tune
Set it to 59.
Environment
Release:
Component: SMPLC
Component: SMPLC
Feedback
Yes
No
Powered by
