OpenAM 11.0.0 and 11.0.1 loses connection to LDAP servers due to heartbeat timeouts
The purpose of this article is to provide assistance if OpenAM 11.0.0 and 11.0.1 loses connection to LDAP servers due to heartbeat timeouts. This loss of connection can occur during normal LDAP usage including creating a session, executing persistent searches and creating OAuth tokens.
1 reader recommends this article
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
An error similar to the following is shown in the Session debug log (when debug level is set to Message):
ERROR: SessionService.saveForFailover: exception encountered org.forgerock.openam.cts.exceptions.SetFailedException: CTS: Failed to set Token: Caused by: org.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat timed out after 500 msAn error similar to the following is shown in the IdRepo debug log (when debug level is set to Message):
PersistentSearch:09/10/2014 10:44:05:580 AM CDT: Thread[OpenDJ LDAP SDK Default Scheduler,5,main] ERROR: An error occurred while executing persistent search org.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat timed out after 500 msRecent Changes
N/A
Causes
Aggressive heartbeat search timeout settings exist in pre-2.6.6 versions of OpenDJ LDAP SDK - 500ms as opposed to a newer default of 3s.
Additionally, if you are using OpenAM 11.0.0 or 11.0.1, the LDAPUtils class in OpenAM is overriding the 3 second heartbeat timeout and reverting it to the more aggressive 500ms.
Solution
This issue can be resolved by upgrading to OpenAM 11.0.2 or later; you can download this from BackStage.
See Also
N/A
Related Training
N/A