Friday, 25 November 2016

LIBOVD-40066 javax.naming.NamingException: LDAP response read timed out, timeout used:15000ms



The error below appears after integrating the OVD load balancer (LB) into the OAM identity store provider.


<Nov 24, 2016 5:48:37 AM PST> <Warning> <oracle.ods.virtualization.exception> <LIBOVD-40066> <Remote Server Failure:{0}.
javax.naming.NamingException: LDAP response read timed out, timeout used:15000ms.; remaining name “cn=users,o=external firms,dc=xyz,dc=xyz,dc=xyz
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
        at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
        at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
        at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:272)
        at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:221)
        at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:759)
        at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
        at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:91)
        at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:908)
        at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
        at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:210)
        at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:355)
        at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:320)
        at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.getByAdapter(AdapterServiceInterface.java:589)
       
 Solution:



1. In the OAM console, go to Configuration -> Data Sources / User Identity Stores and edit the "Inactivity Timeout" field.

Set the 'Inactivity Timeout (seconds)' to a value less than the firewall or load-balancer idle connection timeout value.

The standard idle connection timeout for firewalls and/or load balancers is typically 60 minutes (verify this for your own environment).

With a 60-minute firewall/load-balancer timeout, a suitable setting would be, for example:

Inactivity Timeout (seconds): 3300

This configures OAM to gracefully remove the LDAP connection from the connection pool after 55 minutes if no activity occurs.

The 'socket.readtimeout' parameter has to be changed manually in the oam-config.xml file by adding the following line to the Identity Store configuration:

 <Setting Name="socket.readtimeout" Type="xsd:String">value in milliseconds</Setting>

The socket.readtimeout value is specific to every deployment and needs to be adjusted based on the firewall, i.e. it needs to be less than the firewall timeout.

Currently the UI configuration and the corresponding WLST command for this parameter are missing, so you can only configure it manually in the oam-config.xml file by adding the following line to the relevant idstore configuration:

 <Setting Name="socket.readtimeout" Type="xsd:String">value in milliseconds LESS THAN FIREWALL TIMEOUT IN MILLISECONDS</Setting>

PS: Do not forget to also update the Version number of the oam-config.xml file.
After adding this line, go to the top of the oam-config.xml file and locate the first "Version" entry (with an upper-case "V"), then increment its integer value by 1.

  Note:     For example, if the current value is "67", then after incrementing it by 1 you should have:
                         <Setting Name="Version" Type="xsd:integer">68</Setting>

PS: Again, the values provided for those 2 parameters above should be less than the firewall timeout.

2. Add the parameter below to the oam-config.xml file:
      
             <Setting Name="LdapReadTimeout" Type="xsd:string">120000</Setting>
      
        Link for reference - https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=197729438912796&id=1496120.1&_afrWindowMode=0&_adf.ctrl-state=9qsrt9v4d_369
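
The manual oam-config.xml edit from step 1 (add socket.readtimeout, then increment the first "Version" entry) can be scripted against a copy of the file. The sketch below is an added example, not Oracle tooling or code from the original post; the block names "ExampleConfig" and "ExampleIdStore", the "htf:map" type and the sample fragment are constructed assumptions. It edits the text in place instead of re-serializing the XML, so the rest of the file is left byte-for-byte unchanged.

```python
import re

# Constructed, simplified fragment; block names are hypothetical.
SAMPLE = """<Setting Name="ExampleConfig" Type="htf:map">
  <Setting Name="Version" Type="xsd:integer">67</Setting>
  <Setting Name="ExampleIdStore" Type="htf:map">
    <Setting Name="Version" Type="xsd:integer">3</Setting>
  </Setting>
</Setting>
"""

TAG_RE = re.compile(r'<Setting\b[^>]*?(/?)>|</Setting>')
READ_RE = re.compile(r'<Setting Name="socket\.readtimeout" Type="xsd:String">[^<]*</Setting>')
VERSION_RE = re.compile(r'(<Setting Name="Version" Type="xsd:integer">)(\d+)(</Setting>)')

def block_end(text, start):
    """Offset of the </Setting> that closes the block opened just before `start`."""
    depth = 1
    for tag in TAG_RE.finditer(text, start):
        if tag.group(0) == "</Setting>":
            depth -= 1
            if depth == 0:
                return tag.start()
        elif tag.group(1) != "/":  # self-closing tags do not nest
            depth += 1
    raise ValueError("unbalanced Setting elements")

def set_read_timeout(text, idstore, read_ms, firewall_idle_ms):
    """Add or update socket.readtimeout in `idstore`, then bump the first Version."""
    if not 0 < read_ms < firewall_idle_ms:
        raise ValueError("socket.readtimeout must be less than the firewall timeout")
    opener = re.search(r'([ \t]*)<Setting Name="%s" Type="[^"]*">' % re.escape(idstore), text)
    if opener is None:
        raise LookupError("identity store block not found: " + idstore)
    end = block_end(text, opener.end())
    body = text[opener.end():end]
    line = '<Setting Name="socket.readtimeout" Type="xsd:String">%d</Setting>' % read_ms
    if READ_RE.search(body):
        body = READ_RE.sub(lambda m: line, body, count=1)  # update, do not duplicate
    else:
        body = "\n" + opener.group(1) + "  " + line + body
    text = text[:opener.end()] + body + text[end:]
    # Increment only the first "Version" entry, as the procedure requires.
    text, bumped = VERSION_RE.subn(
        lambda m: m.group(1) + str(int(m.group(2)) + 1) + m.group(3), text, count=1)
    if not bumped:
        raise LookupError('no "Version" entry found')
    return text
```

For example, `set_read_timeout(SAMPLE, "ExampleIdStore", 3300000, 3600000)` returns the fragment with the new setting inside the identity store block and the top-level Version raised from 67 to 68; a value at or above the firewall timeout is rejected before anything is changed.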