Policy Server :: LDAP Server Status : Modify the ldap ping process

Article ID: 98073

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



We're running Policy Server, and when a backend LDAP server is down,
the Policy Server marks it down and tries to check its status
some time later. We'd like to know if this behavior is configurable,
so as to make the Policy Server check the LDAP server status only 10
minutes later, then check it for 2 minutes, and then wait
another 10 minutes to check its status.

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

 

As long as the LDAP server is in the configuration, the Policy Server
will check its availability every 30 seconds:

1. PING Connection: The PING connection is used to check the health
   of the LDAP server periodically. One PING thread is created per
   LDAP failover group.

   The PING thread's connections send the following query every 30
   seconds to test that the LDAP server is up and listening on the
   LDAP port:

   SRC base="<root object>" scope=0 filter="(objectclass=*)" 


   https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=5184
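
Seen from the directory side, the 30-second ping described above can be picked out of the access log and checked for missed intervals. The following is an added example, not code from Broadcom or from this article: the log line layout (ISO timestamp, conn=<id>, then the query in the form quoted above), the root DN dc=example,dc=com, the 5-second tolerance and the function names are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

PING_INTERVAL = 30  # seconds, as stated in the article

# Assumed log layout (not from the article):
# "<ISO time> conn=<id> SRC base=... scope=... filter=..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+) conn=(?P<conn>\d+) SRC base="(?P<base>[^"]*)" '
    r'scope=(?P<scope>\d) filter="(?P<filter>[^"]*)"'
)

def ping_times(lines, root):
    """Group timestamps of ping-shaped searches (base scope on the root
    object, filter (objectclass=*)) by connection id."""
    by_conn = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if (m and m["scope"] == "0"
                and m["base"].lower() == root.lower()
                and m["filter"].lower() == "(objectclass=*)"):
            by_conn[m["conn"]].append(datetime.fromisoformat(m["ts"]))
    return dict(by_conn)

def find_gaps(by_conn, tolerance=5):
    """Return (conn, previous, next, seconds) wherever two consecutive pings
    on one connection are further apart than the interval plus tolerance."""
    gaps = []
    for conn, times in by_conn.items():
        for prev, cur in zip(times, times[1:]):
            delta = (cur - prev).total_seconds()
            if delta > PING_INTERVAL + tolerance:
                gaps.append((conn, prev, cur, delta))
    return gaps

# Constructed sample lines: conn=7 is the ping connection, conn=9 is ordinary traffic.
SAMPLE_LOG = [
    '2024-01-01T10:00:00 conn=7 SRC base="dc=example,dc=com" scope=0 filter="(objectclass=*)"',
    '2024-01-01T10:00:12 conn=9 SRC base="ou=people,dc=example,dc=com" scope=2 filter="(uid=jdoe)"',
    '2024-01-01T10:00:30 conn=7 SRC base="dc=example,dc=com" scope=0 filter="(objectclass=*)"',
    '2024-01-01T10:01:00 conn=7 SRC base="dc=example,dc=com" scope=0 filter="(objectclass=*)"',
    '2024-01-01T10:03:00 conn=7 SRC base="dc=example,dc=com" scope=0 filter="(objectclass=*)"',
    '2024-01-01T10:03:30 conn=7 SRC base="dc=example,dc=com" scope=0 filter="(objectclass=*)"',
]

if __name__ == "__main__":
    for conn, prev, cur, delta in find_gaps(ping_times(SAMPLE_LOG, "dc=example,dc=com")):
        print(f"conn={conn}: no ping between {prev} and {cur} ({delta:.0f}s)")
```

A gap on the ping connection means the health check did not reach the directory during that window, which is worth correlating with Policy Server and network logs.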

  
Unfortunately, this behavior cannot be changed, and we invite you to open
an Idea on the Security page to get it implemented.

  1. Go to the "All Ideas" page :
     https://community.broadcom.com/ideation/allideas
  2. Click on the "Add" button.
  3. In the "Select categories...", select "Layer7 Access Management".
  4. Write a title in the "title" box.
  5. Write a complete description of the Enhancement Request or
     Certification you'd like to post.
  6. Click on "Save" to get the Idea submitted.

 

Additional Information

 

Further information about the LDAP Ping process:

Siteminder LDAP Ping thread Search Query Change 

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=766912#bm5cc681a0-c5e8-4fc6-bf36-a85292e01ad7


Configure the LDAP Ping Timeout for the Policy Store, Session Store, and All User Directories 

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/configuring/policy-server-configuration/configure-policy-server-data-storage-options/configure-ldap-storage-options.html