Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Multiple LDAP configuration for Portal

Former Member

‎02-06-2012 4:03 PM

0 Kudos

Hi,

We have configured multiple LDAP to connect to our portal, and everything is working fine. We are facing a issue, when one of the two LDAP is down Portal response time becomes unacceptably high. The high response time for LDAP users is understood but for UME users also it take forever to login. In default trace I see portal is trying to ping other LDAP (which is down). Is there any way to change this behaviour? Is there a parameter we can set in UME or datasource configuration?

5 REPLIES 5

martin_voros
Active Contributor

‎02-07-2012 6:20 AM

0 Kudos

Hi,

what about solution mentioned in note 829965. You can decrease time out time. So it will still try to ping all LDAPs but it will fail faster.

Cheers

Former Member
In response to martin_voros

‎02-07-2012 3:48 PM

0 Kudos

Thanks Martin for your response. The note 829965 is for high availability for the same LDAP. Means LDAP1 will have two servers configured if one fails system will switch to other one. But in my case LDAP1 is fine and LDAP2 which does not have High availability configured fails often (and for some reason it is beyond my control) So I am looking for some solution I can implement if LDAP2 fails system will not halt. Thanks again

martin_voros
Active Contributor
In response to martin_voros

‎02-07-2012 9:11 PM

0 Kudos

Hi,

I haven't tested it but the parameter ume.ldap.connection_pool.connect_timeout sets time out for connection to LDAP. In scenario described in that note you have multiple LDAPs in connection pool for HA. In your scenario you have multiple LDAPs because you have distributed users. That note says that only way how SAP can know that LDAP is down is to wait for connection timeout. So it seems to me that if you lower connection timeout SAP will fail faster to connect to LDAP that is down and it will try other LDAPs. But I might be wrong.

Cheers

Former Member
In response to martin_voros

‎02-07-2012 10:12 PM

0 Kudos

Hi Martin,

I agree with you if we set timeout parameter to lesser value, connection will be timed out faster, But issue still remains there will still be delay in logging in. E.g. LDAP1 is active and LDAP2 is down, If an user from LDAP1 is logged in, as per my understanding UME will check user existance in database first, then LDAP1 and then LDAP2 (LDAP1 comes first in datasource configuration). UME should return sucessful logon as soon as it finds user in LDAP1, but this does not seem to happen. I have also observed that LDAP adapter will keep pinging LDAP2 irrespective of user logging in or not.

martin_voros
Active Contributor
In response to martin_voros

‎02-07-2012 10:59 PM

0 Kudos

Hi,

maybe opening OSS message with SAP is the only way to solve this issue. Another solution could be to use additional LDAP server that would combine those multiple LDAPs and it would be under your control. SAP IdM can do this.

Cheers