Versions Compared

Version Old Version 2 New Version 3
Changes made by

Arto Vainiolehto

Arto Vainiolehto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

With ADLDS Ubilogin Directory as the session store, sessions are stored as dynamic objects and are cleaned automatically by ADLDS itself. Therefore, with dynamic session objects, SSO doesn’t perform any cleanup of expired sessions at regular intervals.

...

  • cleanupInterval

    • The interval (in seconds) in which an SSO node performs session cleanup.

    • Default: 60

  • cleanupLockEnabled

    • If set to true, SSO checks that it is able to obtain a lock before performing session cleanup.

    • If set to false, SSO doesn’t check for a lock before performing session cleanup.

    • Default: true

  • cleanupLockCheckWait

    • The time (in seconds) how long an SSO node waits before starting session cleanup to check if it was able to obtain lock successfully. This is to control the race condition of two or more nodes from trying to get obtain the lock at same time.

    • Default: 10

  • cleanupLockTimeout

    • The time (in seconds) after which a lock can be forcefully released and given to another SSO node. That’s to mitigate the possibility , that a lock is left active when in case of an unexpected software error happens, by allowing active SSO nodes to obtain a lock even if one already exists, provided that the age of the existing lock is older than the value specified for this parameter.

    • Default: 600

...

Note that @suffix@ must be expanded to the value of attribute suffix in unix.config.

The change can be done using for example Apache DirectoryStudioDirectory Studio, or you can create an ldif file to change the file, and load the data using import script:

...