Oracle Access Manager 12c PS3 (OAM 220.127.116.11) How To Update the LDAPReadTimeout Value
(Doc ID 2476158.1)
Last updated on JULY 12, 2021
Applies to: Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
- Symptoms related to LDAP connection timeout issues
In OAM 11gr1 (OAM 22.214.171.124 BP05 and later) the default value was 1500ms. Starting with OAM 11gr2 it was changed to 2000ms.
If the backend LDAP server does not execute the OAM LDAP operation to authenticate the user within 2 seconds (Default out of box setting for 11g2ps2), the authentication fails.
The default value of 2000ms should ideally suffice.
If the OAM LDAP operations take more than 2000 ms, this typically indicates an LDAP directory performance problem, and the LDAP server should be tuned.
However, it is possible to configure the LdapReadTimeout for each OAM Identity Store by manually changing the default value in the oam-config.xml file.
With OAM 12c (126.96.36.199.x) the above no longer applies.
OAM 12c is hard-coded to 2000ms (com.sun.jndi.ldap.read.timeout) and was not changeable until the fix provided in <Bug:27963081>.
Some symptoms reported in OAM 12c are supported by log file errors related to LDAP connection timeouts, such as: LDAP response read timed out, timeout used:2000ms.
- User Identity Store creation fails for LDAP servers with large dataset (large number of users)
- Intermittent Authentications issues
This note provides the steps to update the LDAP response read timeout, which was called LDAPReadTimeout in OAM 11g and is controlled in OAM 12c by the parameter ORACLE_OAM_JNDILDAPREADTIMEOUT.
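
The following script is an added example, not part of the Oracle note or of OAM itself. It scans log text for the read-timeout error quoted above, reports which timeout value was actually in effect, and separates sustained bursts (a directory performance problem) from stray slow operations. The timestamp prefix, log layout and burst threshold are assumptions made for the example; only the error text comes from the note.

```python
import re
from collections import Counter

# Error text as quoted in the note; the number is the read timeout the client used.
TIMEOUT_RE = re.compile(r"LDAP response read timed out, timeout used:\s*(\d+)\s*ms")
# Assumed line prefix for this example: [YYYY-MM-DDTHH:MM:SS] ...
MINUTE_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}\]")

# Constructed sample lines (not real OAM output).
SAMPLE_LOG = """\
[2021-07-12T10:15:01] ERROR NamingException: LDAP response read timed out, timeout used:2000ms.
[2021-07-12T10:15:07] INFO authentication succeeded for user=alice
[2021-07-12T10:15:20] ERROR NamingException: LDAP response read timed out, timeout used:2000ms.
[2021-07-12T10:15:44] ERROR NamingException: LDAP response read timed out, timeout used:2000ms.
[2021-07-12T10:42:13] ERROR NamingException: LDAP response read timed out, timeout used:2000ms.
[2021-07-12T11:05:30] ERROR NamingException: LDAP response read timed out, timeout used:5000ms.
"""

def summarize(log_text):
    """Count read-timeout errors per minute and per effective timeout value (ms)."""
    per_minute, per_timeout = Counter(), Counter()
    for line in log_text.splitlines():
        hit = TIMEOUT_RE.search(line)
        if not hit:
            continue
        per_timeout[int(hit.group(1))] += 1
        ts = MINUTE_RE.match(line)
        per_minute[ts.group(1) if ts else "unknown"] += 1
    return per_minute, per_timeout

def bursts(per_minute, threshold=3):
    """Minutes with >= threshold timeouts: sustained slowness, not one stray slow query."""
    return sorted(m for m, n in per_minute.items() if n >= threshold)

def stale_default(per_timeout, default_ms=2000):
    """True if any error still reports the default, so a raised value was not in effect then."""
    return per_timeout.get(default_ms, 0) > 0

if __name__ == "__main__":
    minutes, timeouts = summarize(SAMPLE_LOG)
    print("timeouts per minute:", dict(minutes))
    print("effective timeout values (ms):", dict(timeouts))
    print("burst minutes:", bursts(minutes))
    print("default still in use:", stale_default(timeouts))
```

After changing the timeout, errors that still report `timeout used:2000ms` show that the new value was not applied to that server or identity store.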