Resolve Active Directory OpenAM performance issues in EngageOne Server

Product Feature: Deployment / Configuration


During the installation of the security bundle in EngageOne Server 4.4SP3, performance issues were encountered due to the Active Directory timing out in OpenAM. 
In some circumstances, it is taking over 1½ minutes to return the results of an Active Directory filter.

This is causing time-out issues while logging into the client URL in EngageOne.


This is due to a known software defect in OpenAM v13.5.0 at ForgeRock.



UPDATED: January 26, 2018
In the OpenAM configuration, the time-out value for the Active Directory sync is defined in the OpenAM Datastore settings.

Realms/EngageOne/Data Stores/EngageOne_LDAPv3

User-added image
The search connection timeout period for LDAP filter condition is in milliseconds but its Help text says "In seconds".  This caused a connection error if using LDAP filter condition by default settings. 

This issue is already reported as OPENAM-10116 at ForgeRock.

In order to resolve this, it is suggested to multiply the intended duration by 1000 in the dialogue. The change will not have any impact.
However note that the value is correctly set as seconds in newer versions of OpenAM including v13.5.1. When upgrading, the time needs to be changed back to seconds. 

ForgeRock will provide the fix as a patch which will change the code to be in seconds rather than milliseconds. The patch fix will be deployed in subsequent release of EngageOne Server.

Contact Technical Support to request for further information on the next release with the fix - quoting reference CES-50186.