In a deployment that includes replication between master and slave LDAP directories, you can configure the SiteMinder Policy Server to communicate with a slave directory. In this configuration, the Policy Server automatically detects referrals that point to the master directory during operations that write data to the LDAP directory. The data is stored in the master LDAP directory and replicated to the slave LDAP directory according to the replication scheme of your network resources.
In this configuration, when you create an object in CA IdentityMinder, the object is created in the master directory and it is also replicated to the slave directory. A delay may occur during the replication process that causes the create action to fail in CA IdentityMinder.
To prevent this issue from occurring, you can specify the amount of time (in seconds) that CA IdentityMinder waits before "timing out" in the REPLICATION_WAIT_TIME property.
Follow these steps:
<PropertyDict name="REPLICATION_WAIT_TIME" description="time delay in seconds for LDAP provider to allow replication to propagate from master to slave">
  <Property name="REPLICATION_WAIT_TIME"><time in seconds></Property>
</PropertyDict>
Note: The PropertyDict element must be the last element in the ImsManagedObject element, as in the following example:
<ImsManagedObject name="User" description="My Users" objectclass="top,person,organizationalperson,inetorgperson,customClass" objecttype="USER">
  <ImsManagedObjectAttr physicalname="departmentnumber" displayname="Department" description="Department" valuetype="String" required="true" multivalued="false" maxlength="0" />
  . . .
  <PropertyDict name="REPLICATION_WAIT_TIME" description="time delay in seconds for LDAP provider to allow replication to propagate from master to slave">
    <Property name="REPLICATION_WAIT_TIME">800</Property>
  </PropertyDict>
</ImsManagedObject>
When the replication wait time is not defined, the default value of 0 is used.
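The following check is an added example, not part of the CA documentation or product: it reads a directory configuration and reports, for each ImsManagedObject, the wait time in effect and whether the PropertyDict element is placed last as the note above requires. The sample XML, its Sample wrapper element, and the function name check_replication_wait are constructed for illustration, and the XML is assumed to use no namespaces.

```python
import re
import xml.etree.ElementTree as ET

PROP = "REPLICATION_WAIT_TIME"

# Constructed sample: the <Sample> wrapper and the Group/Organization objects are
# assumptions for illustration, not taken from a real directory configuration.
SAMPLE = """<Sample>
<ImsManagedObject name="User">
  <ImsManagedObjectAttr physicalname="departmentnumber" displayname="Department"/>
  <PropertyDict name="REPLICATION_WAIT_TIME">
    <Property name="REPLICATION_WAIT_TIME">800</Property>
  </PropertyDict>
</ImsManagedObject>
<ImsManagedObject name="Group">
  <PropertyDict name="REPLICATION_WAIT_TIME">
    <Property name="REPLICATION_WAIT_TIME">30</Property>
  </PropertyDict>
  <ImsManagedObjectAttr physicalname="cn" displayname="Name"/>
</ImsManagedObject>
<ImsManagedObject name="Organization">
  <ImsManagedObjectAttr physicalname="ou" displayname="Name"/>
</ImsManagedObject>
</Sample>"""

def check_replication_wait(xml_text):
    """Map each ImsManagedObject name to (wait_seconds, problems)."""
    results = {}
    # ET.fromstring raises ParseError on malformed XML, e.g. an unquoted attribute.
    for obj in ET.fromstring(xml_text).iter("ImsManagedObject"):
        children, problems = list(obj), []
        dicts = [c for c in children if c.tag == "PropertyDict" and c.get("name") == PROP]
        wait = 0  # per the page: 0 is used when the wait time is not defined
        if dicts:
            if children[-1] is not dicts[0]:
                problems.append("PropertyDict is not the last element")
            prop = dicts[0].find(f"Property[@name='{PROP}']")
            text = (prop.text or "").strip() if prop is not None else ""
            if re.fullmatch(r"[0-9]+", text):
                wait = int(text)
            else:
                wait = None  # effective value unknown: the page does not cover this case
                problems.append(f"value {text!r} is not a whole number of seconds")
        results[obj.get("name")] = (wait, problems)
    return results

if __name__ == "__main__":
    for name, (wait, problems) in check_replication_wait(SAMPLE).items():
        print(name, wait, problems or "ok")
```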
Copyright © 2013 CA.
All rights reserved.