Ldap connector DAP_TIMELIMIT_EXCEEDED
cneberg at gmail.com
Wed Apr 10 11:16:28 EDT 2019
>If you're seeing timeLimitExceeded then you're likely processing an empty result set. Check your logs to confirm.
Yes, I believe that is what is happening. Since there was an error
I'd like it to retry, preferably to a different ldap server in the
list and if that fails - return an error to the user. If there
is an ldap error I don't think it makes sense to treat it the same as
the user not being in ldap.
On Tue, Apr 9, 2019 at 10:21 PM Daniel Fisher <dfisher at vt.edu> wrote:
> On Tue, Apr 9, 2019 at 3:03 PM cneberg <cneberg at gmail.com> wrote:
>> What is the expected behavior of the ldap data connector on the lasted
>> IDP when the ldap server returns 3 LDAP_TIMELIMIT_EXCEEDED?
> The IDP will process whatever results it has received, that's typically none since most searches are looking for a single entry.
>> One of my upstream ldap servers is over burdened and it appears some
>> users who should be found in ldap are not. Then it seems to continue
>> their sso session with no attributes.
> If you're seeing timeLimitExceeded then you're likely processing an empty result set. Check your logs to confirm.
> --Daniel Fisher
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users