9.6 Optimizing LDAP Connection with Identity Vault

Identity Applications use LDAP connections to communicate with the Identity Vault server. The LDAP time out value is the maximum time that an LDAP connection between Identity Applications and the Identity Vault may remain open before it is timed out. The default value is 600000 milliseconds (10 minutes). The connection is timed out as soon as the 600th second is reached, regardless of whether the connection is idle or is in the middle of processing a query. If an LDAP query is still running when the 600th second is reached, the connection between Identity Applications and the Identity Vault is closed and the query does not complete. Therefore, if you expect an LDAP query to take more time, increase the value of the com.novell.ldap.timeout property in the ism-configuration.properties file.

Set the LDAP connection time out value to match how the Identity Vault is used in your environment and how long a time out period you can afford. For example, if a query is not performing as expected, or the amount of data you expect it to return is large, increase the time out value. A smaller time out value lets the server release unused resources more quickly, which improves the performance and scalability of Identity Applications.

By default, Identity Applications uses the Java LDAP property com.sun.jndi.ldap.read.timeout to enforce the LDAP connection time out value. In Identity Manager 4.8.1 and later, the new property com.netiq.ldap.useLdapReadTimeOut lets you enforce the LDAP connection time out with the socket time out mechanism instead. To use the socket time out mechanism, add the com.netiq.ldap.useLdapReadTimeOut property to the ism-configuration.properties file and set its value to false.
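The following shell script is an added example, not part of the NetIQ documentation or product, that makes both edits described in this section (raising com.novell.ldap.timeout and adding com.netiq.ldap.useLdapReadTimeOut) idempotently: an existing key is replaced in place rather than duplicated, a missing key is appended, and the time out is entered in minutes and stored in the milliseconds the property expects. The path in ISM_CONF is an assumed default for your installation, and the function names are this example's own. Values are written with `cat >` rather than `mv` so the file keeps the ownership and permissions the Tomcat service account relies on.

```shell
#!/bin/sh
# Added example, not NetIQ code: maintain LDAP time out settings in
# ism-configuration.properties without creating duplicate keys.
# Assumed default path; override with ISM_CONF=/path/to/file.
ISM_CONF="${ISM_CONF:-/opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties}"

# escape_re KEY: escape characters that are special in a basic sed regex.
escape_re() {
    printf '%s' "$1" | sed 's/[.[\*^$/]/\\&/g'
}

# set_property FILE KEY VALUE: replace "KEY = value" (any spacing around '=')
# if the key exists, otherwise append it. Rewrites the file in place through
# a temp copy so ownership and mode of FILE are preserved.
set_property() {
    file="$1"; key="$2"; value="$3"
    key_re=$(escape_re "$key")
    if grep -q "^[[:space:]]*${key_re}[[:space:]]*=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s|^[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp" &&
            cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_property FILE KEY: print the value of KEY (last definition wins, as
# java.util.Properties does), or nothing if the key is absent.
get_property() {
    file="$1"; key="$2"
    key_re=$(escape_re "$key")
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$file" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# set_ldap_timeout FILE MINUTES: store com.novell.ldap.timeout in milliseconds.
set_ldap_timeout() {
    file="$1"; minutes="$2"
    case "$minutes" in
        ''|*[!0-9]*) echo "minutes must be a positive integer" >&2; return 1 ;;
    esac
    set_property "$file" com.novell.ldap.timeout $((minutes * 60 * 1000))
}

# ldap_timeout_minutes FILE: report the effective time out in minutes
# (the documented default of 600000 ms applies when the key is unset).
ldap_timeout_minutes() {
    ms=$(get_property "$1" com.novell.ldap.timeout)
    [ -n "$ms" ] || ms=600000
    echo $((ms / 60000))
}

# Usage on the Identity Applications host (restart Tomcat afterwards so the
# new values are read):
#   . ./ldap-timeout.sh
#   set_ldap_timeout "$ISM_CONF" 20
#   set_property "$ISM_CONF" com.netiq.ldap.useLdapReadTimeOut false
#   ldap_timeout_minutes "$ISM_CONF"
```

Raising the time out only buys a slow query more time; if a query routinely needs well beyond the default, treat that as a signal to look at the query's scope and the Identity Vault's indexes as well, since every held connection ties up resources on both sides for the whole period.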