[OpenAM] [Openam] Caching Problem

Tim Rault-Smith tim.rault-smith at forgerock.com
Fri Nov 26 12:01:22 GMT 2010

Hi Joe,

To confirm, the persistent search is configured in the Data Stores tab.  (Allan refers to it as IDRepo because he spends too much time looking at code! ;-) )  Have you made any positive changes to your config?

In OpenAM (and I believe the same in OpenSSO) the property is labelled "Persistent Search Maximum Idle Time Before Restart:".

Where else do you find it in the console under the server configuration?  Under the Advanced settings tab?

Best regards,

On 24 Nov 2010, at 20:22, Joe Stuart wrote:

> That's for your response.
> Just to clarify, if I edit this in the console I would find the
> property under the DataStores tab? I also found the property under the
> specific server configurations, while using the console.
> Thanks
> -Joe
> On Tue, Nov 23, 2010 at 11:59 PM, Allan Foster
> <allan.foster at forgerock.com> wrote:
>> Hi Joe
>> Welcome to the ForgeRock list
>> So generally,  this is caused by the persistent search to your datastore being broken.  Often a LB or Firewall will terminate it, if there is no traffic on it.
>> Have a look at the bottom of the IDRepo config for the persistent search setup,  and change the "Restart persistent search" attribute to be something like 10 mins.
>> Regards
>> Allan
>> On 11/24/10 2:57, Joe Stuart wrote:
>> Hi,
>> I just noticed that the list address has changed, so I'm resending
>> this email to this list. Sorry for the double post.
>> Sorry, I'm still running OpenSSO and haven't had the chance to upgrade
>> to OpenAM, but I'm hoping someone will be able to help with this
>> problem I have.
>> I am having a problem with OpenSSO caching user attributes on login
>> and not expiring the cache until I restart the web container. For
>> example, if I go and change the mail attribute in LDAP (user
>> datastore), OpenSSO will display the old mail attribute value until I
>> restart the web container. If I set the logging level to message, I am
>> able to see that it is serving up the old attribute by looking at the
>> IdRepo log. Does anyone know how I expire the cache or force OpenSSO
>> to do directory lookups if there is a change?  I have tried setting
>> com.iplanet.am.sdk.cache.
>> entry.expire.enabled=true and it doesn’t seem
>> to help. I'm running opensso 8.0 on glassfish 2.1.1
>> Thanks for any help in advance.
>> -Joe
>> _______________________________________________
>> Openam mailing list
>> Openam at forgerock.org
>> https://lists.forgerock.org/mailman/listinfo/openam
>> --
>> Allan Foster VP Technical Enablement
>> e: allan.foster at forgerock.com
>> t: +1.503.334.2546
>> w: www.forgerock.com
>> The New home for OpenSSO -- OpenAM! It's gonna be BIG!
> _______________________________________________
> Openam mailing list
> Openam at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam

Tim Rault-Smith : ForgeRock AS : e: tim.rault-smith at forgerock.com
t: +44 (0)7718 679513 w: forgerock.com
OpenAM, the new name for OpenSSO

More information about the OpenAM mailing list