Timeout on system object message during reconciliation process in OpenIDM 4.x

Last updated Jan 5, 2021

The purpose of this article is to provide information on adjusting operation timeouts for an OpenICF connector in OpenIDM if you see a "Timeout on system object" message for a single object when running the reconciliation process.


This article has been archived and is no longer maintained by ForgeRock.


A response similar to the following is shown for a single object when running the reconciliation process:

{ "code":503, "reason":"Service Unavailable", "message":"Operation UPDATE Timeout on system object: <GUID=5f70e361ecf3c952ac2d1acef12c9171>" }

It may show a different operation type, for example, CREATE.

Recent Changes

Implemented operation timeouts.


By default, the provisioner configuration files are set up without any operational timeouts (all operations are set to -1). This message is shown when the operation takes longer to complete than the timeout specified.


This issue can be resolved by increasing the operation timeout in your provisioner configuration file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/openidm/conf directory. For the example message shown in the Symptoms section, you would need to increase the timeout for the UPDATE operation. 

You can either increase the timeout to a new value to see if the errors go away and adjust as needed, or you can perform a similar update directly using LDAP modify (ldapmodify command) to see how long it takes and adjust accordingly.

Here is a sample configuration where all operations are configured to time out after 1 minute (60,000 miliseconds):

{ "CREATE" : 60000, "TEST" : 60000, "AUTHENTICATE" : 60000, "SEARCH" : 60000, "VALIDATE" : 60000, "GET" : 60000, "UPDATE" : 60000, "DELETE" : 60000, "SCRIPT_ON_CONNECTOR" : 60000, "SCRIPT_ON_RESOURCE" : 60000, "SYNC" : 60000, "SCHEMA" : 60000 }

See Integrator's Guide › Setting the Operation Timeouts for further information.


You should also check the number of connector instances specified in the poolConfigOption is appropriately set for your environment as detailed in  How do I configure pooled connections for a connector in IDM (All versions)? The poolConfigOption is used to determine how many connector instances are pooled by OpenIDM and made available to service requests.

See Also

How do I configure pooled connections for a connector in IDM (All versions)?

OpenICF Connector Configuration Reference

Reference › ldapmodify

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.