How often should SCM synchronize with the LDAP directory?

Document ID : KB000048862
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

How often should SCM synchronize with the LDAP directory, the default is once a day.

Solution:

When SCM synchronizes with the LDAP server, what it is doing is reading through the LDAP directory refreshing any changes in the properties for users listed in the haruser table. Things like phone number, email address, full name, external group memberships (if external groups are enabled), etc. This information most likely does not need to be resynchronized frequently as most of that information is fairly static. The default is once a day (1:0:0:0).

This option is set in your hserver.arg file with a line like this:
-authsyncinterval=1:0:0:0

The authsyncinterval value you provide should be in the format "dd[:hh[:mm[:ss]]]", where dd is days, hh is hours, mm is minutes, and ss is seconds.

Default: 1 (1day)
Minimum: 0:1 (1hour)

Note: If the value of the authentication synchronization interval is invalid or less than one hour, the broker uses the minimum value (1 hour).
Limits: 20 characters

Examples:

 -authsynchinterval=1:4 specifies 28 hours (1 day plus 4 hours). 	
 -authsynchinterval=1:4:6 specifies 28 hours plus 6 minutes (1 day plus 4 hours plus 6 minutes). 	
 -authsynchinterval=0:4:0:30 specifies 4 hours plus 30 seconds.

In addition to automatic synchronization with LDAP, every time you start up the broker it automatically does a synchronization with the LDAP directory as one of it's first orders of business.

If you do set the automatic synchronization to a longer interval and find a case where synchronization needs to happen before the next scheduled time (for example when you add a new user to SCM), you can also synchronize "on-demand" with the hauthsync command.