Hi, we have had an issue with a Siteminder 12.52 policy server which brought down many application logins in prod. As part of troubleshooting we noticed that one of the user stores (OUD 11.x) was having an issue; however, Siteminder didn't realize that OUD was down and route the traffic to the other available OUD instances, which are healthy and configured as FO and LB in the logical user directory configuration with Siteminder.
Also, we observed that the Siteminder ping thread uses this query to check the availability of the LDAP user store:
SEARCH REQ conn=5142542 op=7 msgID=8 base="" scope=base filter="(objectclass=*)" attrs="objectclass"
Even though this query returned an error, Siteminder kept sending AuthN/AuthZ requests to the OUD instance which experienced this issue.
Is there a way to change the ping thread query in Siteminder? If so, how to do that?
No, it is not possible to change the ping thread query.
However, if the ping search returned an error, the Policy Server should mark the LDAP as down and shouldn't have sent further Auth/Az requests to it.
I suggest opening a support ticket for us to investigate.
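
To gather evidence for such a ticket from the OUD side, the following added example (not from the original posts and not vendor code) scans an access log for the ping search quoted in the question, reports pings that returned a non-zero result, and counts the requests the instance kept receiving afterwards. The log lines are constructed, and the timestamp prefix and the `result=` field on RES lines are an assumed format.

```python
import re

# Constructed sample lines; only the first REQ mirrors the query quoted in the thread.
SAMPLE_LOG = '''\
[10/Jan/2020:10:00:00 +0000] SEARCH REQ conn=5142542 op=7 msgID=8 base="" scope=base filter="(objectclass=*)" attrs="objectclass"
[10/Jan/2020:10:00:00 +0000] SEARCH RES conn=5142542 op=7 msgID=8 result=80 nentries=0 etime=3
[10/Jan/2020:10:00:01 +0000] BIND REQ conn=5142600 op=0 msgID=1 type=SIMPLE dn="uid=user1,ou=people,dc=example,dc=com"
[10/Jan/2020:10:00:01 +0000] BIND RES conn=5142600 op=0 msgID=1 result=80 etime=1
[10/Jan/2020:10:00:02 +0000] SEARCH REQ conn=5142601 op=1 msgID=2 base="ou=people,dc=example,dc=com" scope=sub filter="(uid=user2)" attrs="ALL"
'''

LINE = re.compile(r'(?P<op>[A-Z]+) (?P<kind>REQ|RES) conn=(?P<conn>\d+) op=(?P<opid>\d+)(?P<rest>.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one access-log line into (operation, REQ/RES, (conn, op), fields)."""
    m = LINE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
    return m['op'], m['kind'], (m['conn'], m['opid']), fields

def is_ping(op, fields):
    """True for the root DSE base search the question identifies as the ping query."""
    return (op == 'SEARCH' and fields.get('base') == ''
            and fields.get('scope') == 'base'
            and fields.get('filter', '').lower() == '(objectclass=*)')

def ping_failures(log_text):
    """Return (failed pings, count of non-ping requests seen after the first failure)."""
    pending, failed, after = set(), [], 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        op, kind, key, fields = rec
        if kind == 'REQ':
            if is_ping(op, fields):
                pending.add(key)          # wait for the matching RES line
            elif failed:
                after += 1                # traffic still arriving after a failed ping
        elif key in pending:
            pending.discard(key)
            if fields.get('result') != '0':
                failed.append((key, fields.get('result')))
    return failed, after

if __name__ == '__main__':
    print(ping_failures(SAMPLE_LOG))
```

A non-empty first element together with a non-zero count is the pattern described in the question: the ping search failed, yet requests continued to reach that instance.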