Slow getting a prompt when trying to login with the SiteMinder user when the policy, user, audit or session store is on DB2.

Document ID : KB000054176
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

After setting up DB2 as the policy store and configuring ODBC, it is extremely slow to login as smuser. The prompt take up to 3 min to come back with following message:

$ su - smuser
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Packages created and bound.
Packages created and bound.
$

Also running any command as "smuser" like "stop-all" takes even longer (10min). "Packages created and bound" comes out first then the stop command runs.

Is this the expected behavior?

Solution:

The issue is because the script nete_odbc_bind.ksh runs every time you log in.

In the .profile script there is a reference to the smprofile.ksh script and it calls the nete_ps_env.ksh script and this finally calls nete_odbc_bind.ksh script:

.profile -> smprofile.ksh -> nete_ps_env.ksh -> nete_odbc_bind.ksh

The nete_odbc_bind.ksh script has been defined as follows:

<- Begin
 
#!/bin/ksh
##############################################################################
#                           nete_odbc_bind.ksh
#          Copyright 2006 CA.  All rights reserved.
##############################################################################
#
# Uncomment out the commands for any data source that are configured with
# DB2 drivers.  For any new DB2 source, add a corresponding line below.
#
##############################################################################
 
"$NETE_PS_ROOT/odbc/lib/bind21" "SiteMinder Data Source"
"$NETE_PS_ROOT/odbc/lib/bind21" "SiteMinder Tokens Data Source"
"$NETE_PS_ROOT/odbc/lib/bind21" "SiteMinder Logs Data Source"
"$NETE_PS_ROOT/odbc/lib/bind21" "SiteMinder Keys Data Source"
"$NETE_PS_ROOT/odbc/lib/bind21" "SiteMinder Session Data Source"
 
-> End

This script is calling the bind21 utility for every DB2 Data Source defined and it's causing to bind packages in the DB2 database.

The delay is because this process may take a few minutes due to the number and size of the packages that must be created on the DB2 database server.

But there's no need to run bind utility more than once and therefore you can comment in the bind utility in the nete_odbc_bind.ksh script.

Notes:

  • This is done through the Modify Bindings tab of the driver setup dialog box on windows systems.
  • Only the DB2 Wire Protocol has been certified to work with SiteMinder Policy Server.