User search on a large user store causes timeout error.

Document ID : KB000003884
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

This is only applicable where Siteminder is integrated. 

When running a user search (user_id=*) on user store with large user base, the task fails with the following error message in smps.log:

[1033/3009][Tue Feb 10 2009 02:00:48][IMS6DsLdapProvider.cpp:2920][ERROR]
(CIMSDsLdapProvider::FindIMSObjects) Search failed for filter:
(&(objectclass=top)(objectclass=person)(objectclass=organizationalperson)
(objectclass=inetorgperson)(objectclass=idmsuser)(uid=*))
[1033/3009][Tue Feb 10 2009 02:00:48][IMS6DsLdapProvider.cpp:2921][ERROR]
(CIMSDsLdapProvider::FindIMSObjects) DS error message 'Timed out'
Resolution:
  1. Increase the Max time from:
    Siteminder Policy Server User Interface -> User Directories -> YOUR_DIRECTORY -> Directory Setup tab -> Max time.
    Default value is 10 Seconds, this is a global setting and affect every IM user search and tasks. Setting change requires a policy server restart.

  2. Increase the timeout from directory.xml:
    Directory.xml -> <DirectorySearch maxrows="0" timeout="10"/>
    Default value is 10 Seconds, this is also a global setting and affects every IM user search. Setting change requires an IM server restart.

  3. Customize the user search and add a default scope to limit the number of users returned by the search.

Note:
There is another parameter - Max results(In policy server user console)/maxrows(directory.xml), this does not limit the results return by a search, instead it returns an error 'Sizelimit exceeded' when the number of results exceed the value, which is not a desirable.