Some Workflow requests are incorrectly being sent to the Default Approver

Document ID : KB000005743
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Some Workflow requests are incorrectly being sent to the Default Approver - Approval requests being sent to the Default Approver even if the Approvers Group is OK.

Environment:
CA Privileged Identity Manager r12.8MS Active Directory 2008 R2
Cause:

This exception occurs when Active Directory determines a connection has remained idle for too long and closes it on the Active Directory side. As a result, when user actions trigger LDAP searches to use the closed connection and throws an exception. To resolve the problem, Set the JVM argument com.sun.jndi.ldap.connect.pool.timeout to a small timeout value, forcing application to close the connection before the Active Directory server closes the connection. 

Resolution:

Please following the below instructions to add the timeout value to JVM argument: 

Note: This needs to be done in all the ENTM and LB's 

 

Windows: 

 

1. Stop the JBoss 

2. Navigate to <JBOSS_HOME>/bin 

3. Backup the existing run_idm.bat file 

4. Add the following line above the set JAVA_OPTS=-Djava.security.policy=.\workpoint_client.policy -Xms512m -Xmx1024m -XX:MaxPermSize=256m %JAVA_OPTS% 

 

set LDAP_OPTS=-Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=10000 

 

5. Now add LDAP_OPTS to the JAVA_OPTS 

 

set JAVA_OPTS=%IDM_OPTS% %JAVA_OPTS% %DEBUG_OPTS% %LDAP_OPTS% 

 

6. Start the JBoss 

 

Linux: 

 

1. Stop the JBoss 

2. Navigate to <JBOSS_HOME>/bin 

3. Backup the existing run_idm.sh file 

4. Add the following line above the JAVA_OPTS="$IDM_OPTS -Djava.security.policy=workpoint_client.policy -Xms256m -Xmx512m -XX:MaxPermSize=128m" 

 

LDAP_OPTS="-Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=10000" 

 

5. Now add LDAP_OPTS to the JAVA_OPTS 

 

JAVA_OPTS="$IDM_OPTS -Djava.security.policy=workpoint_client.policy -Xms256m -Xmx512m -XX:MaxPermSize=128m $LDAP_OPTS" 

 

6. Start the JBoss

 

It is important to set the value of "com.sun.jndi.ldap.connect.pool.maxsize" correctly. Setting a value that is too high may affect performance; setting a value too low will impact concurrent logins capacity.