Policy Server :: LDAP Server Status : Modify the ldap ping process


Article ID: 98073


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We're running Policy Server, and when a backend LDAP Server is down,
the Policy Server marks it down and it tries to check its status
sometime after. We'd like to know if this behavior is configurable,
so to make the Policy Server to check the LDAP server status only 10
minutes after, and then to check it for 2 minutes, and then wait
another 10 minutes to check its status.


Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP



As long as the LDAP server is in the configuration, the Policy Server
will check its availability each 30 seconds :

1. PING Connection : The PING connection is used to check the health 
   of the LDAP server periodically. One PING thread is created per 
   each LDAP Failover group. 

   PING's thread ping connections send the following query every 30 
   seconds to test that the LDAP server is up and listening on the 
   LDAP port 

   SRC base="<root object>" scope=0 filter="(objectclass=*)" 


Unfortunately, this behavior cannot be change and we invite you to open 
an Idea on the Security page to get it implemented. 

  1. Go to the "All Ideas" page :
  2. Click on the "Add" button.
  3. In the "Select categories...", select "Layer7 Access Management".
  4. Write a title in the "title" box.
  5. Write a complete description of the Enahcement Request or
     Certification you'd like to post.
  6. Click on "Save" to get the Idea submitted !


Additional Information


Further info about that LDAP Ping process : 

Siteminder LDAP Ping thread Search Query Change 


Configure the LDAP Ping Timeout for the Policy Store, Session Store, and All User Directories