The solution for this issue has been included in 9.1 and above.
The Software Release Note (SRN) will show the following:
When a LDAP server is configured to timeout after some amount of inactivity and
that timeout is reached, OneClick server will no longer authenticate any new logins.
OneClick server will now authenticate LDAP users even after the timeout has been violated.
Users cannot login to SPECTRUM OneClick after LDAP server inactivity timeout occurs
Users can not login to OneClick with an LDAP server
LDAP server has an inactivity session timeout and causes users to be denied when logging in.
SPECTRUM 9.0 OneClick
Causes of this problem:
This issue applies to LDAP servers that are set to have a specified inactivity timeout value. For example, if the LDAP server has a timeout set for 30 minutes for a session. When this timeout value has passed, the connection to the tomcat server is severed. When users try to login after that, the login fails and nobody can login to OneClick. SPECTRUM's Tomcat process must then be cycled to get the connection reestablished between Tomcat and the LDAP server.
(Legacy KB ID CNC TS31795 )