The error below appears after integrating the OVD load balancer (LB) in the OAM identity store provider.
<Nov 24, 2016 5:48:37 AM PST> <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40066> <Remote Server Failure:{0}.
javax.naming.NamingException: LDAP response read timed out, timeout used:15000ms.; remaining name “cn=users,o=external firms,dc=xyz,dc=xyz,dc=xyz”
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:272)
    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:221)
    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:759)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
    at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:91)
    at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:908)
    at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
    at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:210)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:355)
    at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:320)
    at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.getByAdapter(AdapterServiceInterface.java:589)
Solution:
1. In the OAM console, go to Configuration -> Data Sources / User Identity Stores and edit the "Inactivity Timeout" field.
Set 'Inactivity Timeout (seconds)' to a value less than the firewall or load-balancer idle connection timeout.
The idle connection timeout on firewalls and load balancers is typically 60 minutes (verify this for your own environment).
With a 60-minute firewall/LB timeout, a suitable setting would be, for example:
Inactivity Timeout (seconds): 3300
This configures OAM to gracefully remove an LDAP connection from the connection pool after 55 minutes without activity.
The 'socket.readtimeout' parameter has to be set manually in the oam-config.xml file by adding the following line to the Identity Store configuration:
<Setting Name="socket.readtimeout" Type="xsd:String">value in milliseconds</Setting>
The socket.readtimeout value is specific to every deployment and needs to be adjusted to the firewall, i.e. it must be less than the firewall timeout.
Currently there is no UI setting or corresponding WLST command for it, so you can only configure it manually in the oam-config.xml file by adding the following line to the relevant idstore configuration:
<Setting Name="socket.readtimeout" Type="xsd:String">value in milliseconds LESS THAN FIREWALL TIMEOUT IN MILLISECONDS</Setting>
PS: Do not forget to also update the Version number of the oam-config.xml file.
That is, after adding this line, go to the top of the oam-config.xml file and locate the first "Version" entry (with an upper-case "V"), then increment its integer value by 1.
Note: If the current value is "67", for example, you should have the following after incrementing it:
<Setting Name="Version" Type="xsd:integer">68</Setting>
PS: Again, the values provided for the 2 parameters above should be less than the firewall timeout.
2. Add the parameter below to the oam-config.xml file:
<Setting Name="LdapReadTimeout" Type="xsd:string">120000</Setting>
Link for reference - https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=197729438912796&id=1496120.1&_afrWindowMode=0&_adf.ctrl-state=9qsrt9v4d_369
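The following script is an added example, not part of the original post or Oracle tooling: it checks that the Inactivity Timeout and socket.readtimeout stay below the firewall idle timeout and increments only the first upper-case "Version" entry. The sample fragment, its socket.readtimeout value and the function names are constructed for illustration; a real oam-config.xml is much larger.

```python
import re

# Constructed sample, NOT a real oam-config.xml. The socket.readtimeout value
# and the second "Version" entry are made up to exercise the checks.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Setting Name="Version" Type="xsd:integer">67</Setting>
<Setting Name="socket.readtimeout" Type="xsd:String">3300000</Setting>
<Setting Name="LdapReadTimeout" Type="xsd:string">120000</Setting>
<Setting Name="Version" Type="xsd:integer">3</Setting>
"""

# Case-sensitive on purpose: the lower-case version="1.0" in the XML
# declaration must not match.
VERSION_RE = re.compile(
    r'(<Setting Name="Version" Type="xsd:integer">)(\d+)(</Setting>)')


def bump_version(xml_text):
    """Increment only the first upper-case "Version" entry by 1."""
    def plus_one(m):
        return m.group(1) + str(int(m.group(2)) + 1) + m.group(3)
    new_text, count = VERSION_RE.subn(plus_one, xml_text, count=1)
    if count == 0:
        raise ValueError("no Version entry found")
    return new_text


def setting_ms(xml_text, name):
    """Integer value of the first Setting with this Name, or None."""
    pattern = (r'<Setting Name="%s" Type="[^"]*">\s*(\d+)\s*</Setting>'
               % re.escape(name))
    m = re.search(pattern, xml_text)
    return int(m.group(1)) if m else None


def timeout_problems(xml_text, inactivity_timeout_s, firewall_idle_min):
    """List the settings that are not below the firewall idle timeout."""
    firewall_ms = firewall_idle_min * 60 * 1000
    problems = []
    if inactivity_timeout_s * 1000 >= firewall_ms:
        problems.append("Inactivity Timeout")
    sock = setting_ms(xml_text, "socket.readtimeout")
    if sock is None:
        problems.append("socket.readtimeout missing")
    elif sock >= firewall_ms:
        problems.append("socket.readtimeout")
    return problems


if __name__ == "__main__":
    print(timeout_problems(SAMPLE, 3300, 60))
    print(bump_version(SAMPLE))
```

Run it against a copy of the file and take a backup before writing the bumped version back.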