Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Configuration Properties That Affect Persistent Searches

Set these properties either in the OpenSSO Enterprise Admin Console or using the ssoadm command.

Connection Idle Timeout

com.sun.am.event.connection.idle.timeout specifies the number of minutes after which persistent searches will be restarted. The default is 0, which indicates that persistent searches will not be restarted.

If persistent search connections are made through a load balancer or firewall, these connections are subject to the TCP time out value of the load balancer or firewall. If the load balancer or firewall closes the persistent search connection due to an idle TCP time out, change notifications are not sent to OpenSSO Enterprise unless the persistent search connection is re-established.

Therefore, set com.sun.am.event.connection.idle.timeout to a value lower than the load balancer or firewall TCP timeout, to make sure that persistent searches are restarted before the connections are dropped. The difference between the load balancer or firewall timeout value should not be more than 5 minutes. For example, if your load balancer idle connection time out is 50 minutes, set com.sun.am.event.connection.idle.timeout to 45 minutes.

Persistent Search Connection Restart

com.iplanet.am.event.connection.num.retries specifies the number of attempts to successfully re-establish the persistent search connections. The default is 3.
com.iplanet.am.event.connection.delay.between.retries specifies the delay in milliseconds between retries to re-establish the persistent search connections. The default is 3000.
com.iplanet.am.event.connection.ldap.error.codes.retries specifies the LDAP exception error codes for which retries to re-establish persistent search connections will trigger. The default error codes are 80,81,91; however, you can specify any valid LDAP error code.

These four properties apply only to the persistent search (Event Service) connections and are not shared by other modules. For example, these properties do not affect the SDK LDAP connection pool or the authentication LDAP or policy LDAP connections.

LDAPv3 Plug-in Idle Timeout

Each instance of an LDAPv3 plug-in data store creates a persistent search connection using the filter (objectclass=*). Therefore, exercise caution in creating LDAPv3 data stores to prevent the OpenSSO Enterprise server from being flooded with too many notifications. Also, Directory Server does not return an error if the base DN of the persistent search does not exist, so make sure you supply the correct base DN.

sun-idrepo-ldapv3-config-idletimeout specifies the maximum idle time before an LDAPv3 data store restarts a persistent search connection. If you are using a load balancer or firewall, set this value lower than the load balancer or firewall TCP connection idle timeout value.

For information about using persistent searches in custom applications, see the Sun OpenSSO Enterprise 8.0 Developers Guide.