Problem
Fix PQ54156 and implementation instructions are available
for WebSphere Application Server V4.0.1. This code fix is included in
V4.0.2. However, you need the following instructions to use this fix.
PQ51744 provided this function for V3.5 releases.

Cause
While performing Lightweight Directory Access Protocol
(LDAP) search operations, WebSphere Application Server reuses the same
initial context and the same network connection, which works fine for a
single LDAP server. To perform a search in an LDAP cluster, WebSphere
Application Server cannot reuse the same connection and has to make new
connections because a search can be routed to different servers.

Solution
For V4.0.2, you do not need to apply an efix. However, you
do need to use the following instructions to use these features:
Description/problem: If you use Lightweight Third Party
Authentication (LTPA) and your LDAP server is a cluster (several backend
servers grouped by a router and network dispatcher), and you experience
authentication failures or very slow authentication, you might consider
using this solution.
Two features are included that let users change Java Naming and
Directory Interface (JNDI) default settings. (You can combine the
following two configurations, or you can choose one of them.)
- Allow users to set up a small LDAP search time limit, which is the
maximum time to wait for results from the LDAP server.
To set the time limit of a search, pass the number of milliseconds as a
parameter. For example, set a 30-second time limit by adding the
following property to the admin.config file:
jndi.LDAP.SearchControl.TimeLimit = 30000
The Sun JNDI default timeout is set to infinity, and the IBM default
timeout to 5 minutes.
(If your main purpose is failover and your router has affinity, all
requests are routed to the same primary server unless the primary server
is down. So, if all requests are sent to the same single server in a
session, this configuration works.)
Attention: If the time limit is too small, a search can be
suspended before the search is completed.
- A URL context implementation is a context that can handle arbitrary
URL strings of the URL scheme supported by the context.
To support URL context implementation, add the following property to the
admin.config file:
jndi.LDAP.URLContextImplementation = true
If your router spreads requests to different LDAP servers (lack of
affinity), you need to turn on this flag.
Attention: By forcing URL context implementation, each search
operation opens a new connection and closes the connection after the
search is finished.
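What the two settings correspond to at the JNDI level, as an added example that is not IBM's code and not part of the original technote: a search time limit set through SearchControls, used once with a reused initial context and once with a URL context where the full ldap:// URL is the search name. The host name, base DN and uid are hypothetical, an anonymous bind is assumed, and running it requires a reachable LDAP server.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSearchModes {
    // Hypothetical values, not taken from the technote.
    static final String URL = "ldap://ldap-cluster.example.com:389";
    static final String BASE = "ou=people,dc=example,dc=com";

    static SearchControls controls() {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setTimeLimit(30000); // milliseconds, as in jndi.LDAP.SearchControl.TimeLimit = 30000
        return sc;
    }

    // Returns the DN of the entry with this uid, or null if no entry matches.
    static String findDn(DirContext ctx, String name, String uid) throws NamingException {
        // {0} is filled in by JNDI with filter escaping, so uid cannot alter the filter.
        NamingEnumeration<SearchResult> res =
            ctx.search(name, "(uid={0})", new Object[] { uid }, controls());
        try {
            return res.hasMore() ? res.next().getNameInNamespace() : null;
        } catch (TimeLimitExceededException e) {
            // Limit reached before the search completed: the answer is unknown,
            // which is different from "no such user".
            throw new IllegalStateException("LDAP search timed out", e);
        } finally {
            res.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Reused context: one connection to whichever server accepted it.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        DirContext shared = new InitialDirContext(env);
        try { System.out.println(findDn(shared, BASE, "jdoe")); } finally { shared.close(); }

        // URL context: no provider URL; the full ldap:// URL is the search name,
        // so the operation is resolved on its own rather than over a kept connection.
        DirContext urlCtx = new InitialDirContext();
        try { System.out.println(findDn(urlCtx, URL + "/" + BASE, "jdoe")); } finally { urlCtx.close(); }
    }
}
```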

Historical Number
PQ54156
PQ51744