cneberg cneberg at gmail.com
Tue Apr 9 15:03:22 EDT 2019

What is the expected behavior of the ldap data connector on the lasted
IDP when the ldap server returns 3 LDAP_TIMELIMIT_EXCEEDED?   I have
connectionstrategy set to RANDOM but could try something else.
Should it retry on the same ldap server or a different one in the
list?  And if it fails a second time - what should happen?  How many
chances does it get to succeed?  Then what should happen on failure?

Does the noResultIsError value come into play?   Because a few users
legitimately shouldn't be found in ldap - so its not clear cut that no
results is an error, but an actual from the ldap server should be
treated as an error.

One of my upstream ldap servers is over burdened and it appears some
users who should be found in ldap are not.   Then it seems to continue
their sso session with no attributes.


More information about the users mailing list