Environment
Novell Identity Manager Driver - NDS Mirror
Novell Identity Manager Driver - NDS Flat
Novell Identity Manager Driver - NDS Dept
Situation
Identity Manger driver stops responding and must be restarted. Sometimes one channel will keep working (publisher) but not the subscriber.
- happens after a slow time with little or no data being sent.
- with constant traffic, the problem does not happen.
Resolution
There are several possible causes to the problem. Here is a quick list of the most common causes of the problem.
- An older version of Audit installed. Make sure that the latest version is applied. Here is the name of the current patch
Novell Audit 2.0.2 FP7
You should be at this level or above.
- IDM 3.6.1 engines that are not patched. The latest patch is the IDM 3.6.1 Engine Patch 3 Build 3.6.14. You should be at this level or above.
- On Linux we have seen problems with duplicate ndsd processes. To check for that use the following command ps -ef | grep ndsd | grep -v ndsd
If one more process exists than is configured on the box then there is a problem. Make sure that eDirectory, Audit and IDM are patched.
If one more process exists than is configured on the box then there is a problem. Make sure that eDirectory, Audit and IDM are patched.
- Sometimes having IPV6 also loaded can cause problems. Try removing IPV6 if possible.
- There is a keep alive process that can be added to the driver. Here is information on it:
<?xml version="1.0" encoding="UTF-8" ?>
<!-- this file contains options information for the NDS to NDS driver
these options are only necessary if the default receive timeout values
need to be changed.
<!-- this file contains options information for the NDS to NDS driver
these options are only necessary if the default receive timeout values
need to be changed.
The receive timeout values are used to detect a dropped physical connection.
If the receive timeout occurs, a connection monitor thread will send a
"keep-alive" packet to determine if the connection is still alive.
If the receive timeout occurs, a connection monitor thread will send a
"keep-alive" packet to determine if the connection is still alive.
Normally, the publisher timeout should be fairly long, since it is normal for
the publisher to go long periods without receiving anything. A shorter period
means more 4-byte keep alive messages will be sent and probably queued for the
remove subscriber.
-->
<driver-config name="Nds to Nds Driver">
<subscriber-options>
<keep-alive-interval display-name="Receive timeout in minutes">1</keep-alive-interval>
</subscriber-options>
<publisher-options>
<keep-alive-interval display-name="Receive timeout in minutes">10</keep-alive-interval>
</publisher-options>
</driver-config>
the publisher to go long periods without receiving anything. A shorter period
means more 4-byte keep alive messages will be sent and probably queued for the
remove subscriber.
-->
<driver-config name="Nds to Nds Driver">
<subscriber-options>
<keep-alive-interval display-name="Receive timeout in minutes">1</keep-alive-interval>
</subscriber-options>
<publisher-options>
<keep-alive-interval display-name="Receive timeout in minutes">10</keep-alive-interval>
</publisher-options>
</driver-config>