We're running Policy Server, and when a backend LDAP Server is down,the Policy Server marks it down and it tries to check its statussometime after. We'd like to know if this behavior is configurable,so to make the Policy Server to check the LDAP server status only 10minutes after, and then to check it for 2 minutes, and then waitanother 10 minutes to check its status.
As long as the LDAP server is in the configuration, the Policy Serverwill check its availability each 30 seconds :
1. PING Connection : The PING connection is used to check the health of the LDAP server periodically. One PING thread is created per each LDAP Failover group.
PING's thread ping connections send the following query every 30 seconds to test that the LDAP server is up and listening on the LDAP port
SRC base="<root object>" scope=0 filter="(objectclass=*)"
Unfortunatly, this behavior cannot be change and we invite you to openan Idea on the Security page to get it implemented.
1. Go to the CA Security Overview Page : https://communities.ca.com/community/ca-security/ca-single-sign-on 2. Click on the "Actions" drop-down menu and select "Create an idea."3. Give your idea a title and detailed description to encourage voting.4. Publish and vote on your idea!
Further info about that LDAP Ping process :
Siteminder LDAP Ping thread Search Query Changehttps://communities.ca.com/thread/241779867-siteminder-ldap-ping-thread-search-query-change
Configure the LDAP Ping Timeout for the Policy Store, Session Store, and All User Directorieshttps://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/configure-policy-server-data-storage-options/configure-ldap-storage-options
KB : KB000098073