Configuration GuideCreating an Identity Manager Directory for an LDAP User StoreAdditional Identity Manager Directory Properties › Specify Replication Wait Time

Previous Topic: Search across Objectclasses

Next Topic: Specify LDAP Connection Settings

Specify Replication Wait Time

In a deployment that includes replication between master and slave LDAP directories, you can configure the Policy Server to communicate with a slave directory. In this configuration, the Policy Server automatically detects referrals that point to the master directory during operations that write data to the LDAP directory. The data is stored in the master LDAP directory and replicated to the slave LDAP directory according to the replication scheme of your network resources.

In this configuration, when you create an object in CA Identity Manager, the object is created in the master directory and replicated to the slave directory. A delay may occur during the replication process that causes the create action to fail in CA Identity Manager.

To prevent this issue from occurring, you can specify the amount of time (in milliseconds) that CA Identity Manager waits before "timing out" in the REPLICATION_WAIT_TIME property.

Note: On Solaris systems, the replication wait time is processed in seconds not milliseconds, although it is specified as milliseconds. For example, when you specify the REPLICATION_WAIT_TIME as 800 milliseconds, which is less then a second, then IdentityMinder waits 0 seconds. When the REPLICATION_WAIT_TIME is 1600 milliseconds, CA Identity Manager waits 1 second.

To specify replication wait time

  1. In the directory configuration file (directory.xml), locate the ImsManagedObject element that describes the user object.
  2. Add the following PropertyDict element: 
    <PropertyDict name="REPLICATION_WAIT_TIME" description="time delay in milliseconds for ldap prodvider to allow replication to propagate from master to slave"> 
<Property name=REPLICATION_WAIT_TIME"><time in milliseconds></Property>
</PropertyDict>

    Note: The PropertyDict element must be the last element in the ImsManagedObject element, as in the following example:

    <ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,inetorgperson,customClass" objecttype="USER">
<ImsManagedObjectAttr physicalname="departmentnumber" displayname="Department" description="Department" valuetype="String" required="true" multivalued="false" maxlength="0" />
.
.
.
<PropertyDict name="REPLICATION_WAIT_TIME" description="time delay in milliseconds for ldap provider to allow replication to propagate from master to slave"> 
<Property name=REPLICATION_WAIT_TIME">800</Property>
</PropertyDict>

When the replication wait time is not defined, the default value 0 is used.

Copyright © 2010 CA. All rights reserved. Email CA about this topic