We're running Policy Server, and when a backend LDAP Server is down,
the Policy Server marks it down and it tries to check its status
sometime after. We'd like to know if this behavior is configurable,
so to make the Policy Server to check the LDAP server status only 10
minutes after, and then to check it for 2 minutes, and then wait
another 10 minutes to check its status.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
As long as the LDAP server is in the configuration, the Policy Server
will check its availability each 30 seconds :
1. PING Connection : The PING connection is used to check the health
of the LDAP server periodically. One PING thread is created per
each LDAP Failover group.
PING's thread ping connections send the following query every 30
seconds to test that the LDAP server is up and listening on the
SRC base="<root object>" scope=0 filter="(objectclass=*)"
Unfortunately, this behavior cannot be change and we invite you to open
an Idea on the Security page to get it implemented.
1. Go to the "All Ideas" page :
2. Click on the "Add" button.
3. In the "Select categories...", select "Layer7 Access Management".
4. Write a title in the "title" box.
5. Write a complete description of the Enahcement Request or
Certification you'd like to post.
6. Click on "Save" to get the Idea submitted !
Further info about that LDAP Ping process :
Siteminder LDAP Ping thread Search Query Change
Configure the LDAP Ping Timeout for the Policy Store, Session Store, and All User Directories