Testing auto discovery duration
When adding a target system, a suitable List timeout value is unknown, so the value is set to -1 (infinite). If that default value is not changed, listing issues or issues with the target system could cause auto discovery to never end. To avoid this, replace the initial value with a suitable timeout value after the target is successfully configured and tested.
To calculate the listing duration value:
Time how long it usually takes to list. The
idmsuite.logrecords duration at the end of the agent's execution.Multiply by 2 and transform to seconds.
Replace the List timeout value of that target with the result.
If the listing duration is too long:
Reconsider what the target is configured to list.
List only the objects required for the integration:
Accounts - only list managed accounts.
Attributes - only if needed, and only the attributes used.
Groups - only if needed; if thousands of groups are listed; for example, from Active Directory, consider listing a reduced number of groups from a specific OU or other container.
Group members:
If all security groups are not needed, do not select "All groups" under the target tab option for "Groups whose membership will be listed".
Only manage groups if their members are used.
If the listing duration is still long after completing the steps, just increase the time enough so it can account for typical differences in listing duration due to network and target system load instead of multiplying by 2.
If the timeout duration is exceeded when listing, the listing operation will be aborted, and the previous listing from auto-discovery for the target will be used.