Solutions

Timeout on system object message during reconciliation process in IDM/OpenIDM (All versions)

Last updated Jul 9, 2018

The purpose of this article is to provide information on adjusting operation timeouts for an OpenICF connector in IDM/OpenIDM if you see a "Timeout on system object" message for a single object when running the reconciliation process.


Symptoms

A response similar to the following is shown for a single object when running the reconciliation process:

{ "code":503, "reason":"Service Unavailable", "message":"Operation UPDATE Timeout on system object: <GUID=5f70e361ecf3c952ac2d1acef12c9171>" }

It may show a different operation type, for example, CREATE.

Recent Changes

Implemented operation timeouts.

Causes

By default, the provisioner configuration files are set up without any operational timeouts (all operations are set to -1). This message is shown when the operation takes longer to complete than the timeout specified.

Solution

This issue can be resolved by increasing the operation timeout in your provisioner configuration file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/idm/conf directory. For the example message shown in the Symptoms section, you would need to increase the timeout for the UPDATE operation. 

You can either increase the timeout to a new value to see if the errors go away and adjust as needed, or you can perform a similar update directly using LDAP modify (ldapmodify command) to see how long it takes and adjust accordingly.

Here is a sample configuration where all operations are configured to time out after 1 minute (60,000 miliseconds):

{
  "CREATE"              : 60000,
  "TEST"                : 60000,
  "AUTHENTICATE"        : 60000,
  "SEARCH"              : 60000,
  "VALIDATE"            : 60000,
  "GET"                 : 60000,
  "UPDATE"              : 60000,
  "DELETE"              : 60000,
  "SCRIPT_ON_CONNECTOR" : 60000,
  "SCRIPT_ON_RESOURCE"  : 60000,
  "SYNC"                : 60000,
  "SCHEMA"              : 60000
}

See Integrator's Guide › Connecting to External Resources › Setting the Operation Timeouts for further information.

Note

You should also check the number of connector instances specified in the poolConfigOption is appropriately set for your environment as detailed in  How do I configure pooled connections for a connector in IDM/OpenIDM (All versions)?The poolConfigOption is used to determine how many connector instances are pooled by IDM and made available to service requests.

See Also

How do I configure pooled connections for a connector in IDM/OpenIDM (All versions)?

OpenICF Connector Configuration Reference

Reference › ldapmodify

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright and TrademarksCopyright © 2018 ForgeRock, all rights reserved.
Loading...