Daniel Fisher dfisher at vt.edu
Tue Apr 9 23:21:02 EDT 2019

On Tue, Apr 9, 2019 at 3:03 PM cneberg <cneberg at gmail.com> wrote:

> What is the expected behavior of the ldap data connector on the lasted
> IDP when the ldap server returns 3 LDAP_TIMELIMIT_EXCEEDED?

The IDP will process whatever results it has received, that's typically
none since most searches are looking for a single entry.

> One of my upstream ldap servers is over burdened and it appears some
> users who should be found in ldap are not.   Then it seems to continue
> their sso session with no attributes.

If you're seeing timeLimitExceeded then you're likely processing an empty
result set. Check your logs to confirm.

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190409/2e89846b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20190409/2e89846b/attachment.p7s>

More information about the users mailing list