Slow External Authentication Plugin Failover (Doc ID 414954.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Internet Directory - Version: 11.1.0.6 and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms

Experiencing slow failover (more than 3 minutes) between External LDAP servers and OID/Database when using External Authentication Plugin, with OID 10.1.4 through 11g.

Using failover in external authentication is only recommended as a last resort. It depends on the TCP request to the first AD server returning an error, before it can try the second. In most networks the TCP timeout and retries will result in several seconds and sometimes minutes to detect the primary is down. This will impact every bind attempt. The proper and more effective solution is to use a virtual host and have a load balancer configured in front of the AD servers. (Please note that while this solution would work for External Authentication plugin, it does not work with DIP synchronization.)

Changes

The primary remote host, as defined in the External Authentication plugin, has gone down and is not accessible on the network.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms