We're running a Policy Server and when one of the LDAP User Stores from
a given cluster is down, the Policy Server didn't send a specific request
to the other LDAP Server to load balance.
How can we fix this?
Policy Server all versions
From the log extract, we see the Policy Server trying to reach the LDAP
server:
myldap.userstore.mydomain.com : 389
every 30 seconds. This LDAP server is up and running, but it has a
problem, so the connection attempts return:
Error 49-Invalid credentials
smps.log:
[3524/73][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
[3524/76][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
[3524/72][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
[3524/73][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
[3524/72][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
[3524/76][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials
Out of the box, the Policy Server sends an "LDAP Ping" request to every
LDAP server every 30 seconds to check its availability:
Policy Server :: LDAP Server Status : Modify the ldap ping process
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=98073
This is what the log extract shows. Every 30 seconds, the LDAP Ping
tries to reach this LDAP User Store and, because that store is not
working properly, it reports error 49.
As such, these lines don't report a problem with load balancing the
requests. They show that the Policy Server is checking the availability
of the LDAP server: the server is up and running but returns an error on
login, which is why you see those lines.
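
To confirm this reading on a larger smps.log, the sketch below (an added example, not Broadcom code) groups the sm-Ldap-01370 bind errors by server and checks whether they recur at the 30-second LDAP Ping interval with result code 49. The function name, the field names and the reading of [3524/73] as process/thread ids are assumptions; the sample input is constructed from the extract above.

```python
import re
from collections import defaultdict
from datetime import datetime

PING_INTERVAL = 30  # seconds; default LDAP Ping period stated in the article

# Constructed sample: the six entries from the extract, each rejoined onto one line.
_TAIL = ("[SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. "
         "Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials")
SAMPLE = "\n".join(f"[3524/{tid}][Tue Dec 03 2019 16:45:{sec}]{_TAIL}"
                   for sec in ("16", "46") for tid in (73, 76, 72))

# Matches only the bind-error line format shown in the article.
BIND_ERR = re.compile(
    r"\[(?P<pid>\d+)/(?P<tid>\d+)\]"      # assumed: process id / thread id
    r"\[(?P<ts>[^\]]+)\]\[[^\]]+\]\[ERROR\]\[sm-Ldap-01370\]\s*"
    r"SmDsLdapConnMgr Bind\.\s+Server\s+(?P<host>\S+)\s*:\s*(?P<port>\d+)\."
    r"\s+Error\s+(?P<code>\d+)-")

def summarize_bind_errors(log_text):
    """Group bind errors per LDAP server and measure how often they recur."""
    bursts = defaultdict(lambda: defaultdict(set))  # server -> timestamp -> thread ids
    codes = defaultdict(set)                        # server -> LDAP result codes seen
    for line in log_text.splitlines():
        m = BIND_ERR.search(line)
        if not m:
            continue  # not a bind-error line
        server = f"{m['host']}:{m['port']}"
        ts = datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S")
        bursts[server][ts].add(m["tid"])
        codes[server].add(int(m["code"]))
    report = {}
    for server, by_ts in bursts.items():
        times = sorted(by_ts)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[server] = {
            "codes": sorted(codes[server]),
            "gaps_seconds": gaps,
            "threads_per_burst": [len(by_ts[t]) for t in times],
            # Errors spaced exactly one ping period apart point to the LDAP Ping.
            "matches_ping_interval": bool(gaps) and all(g == PING_INTERVAL for g in gaps),
            # Code 49 comes from the server itself: it answered and refused the bind.
            "up_but_bind_rejected": 49 in codes[server],
        }
    return report

if __name__ == "__main__":
    for server, info in summarize_bind_errors(SAMPLE).items():
        print(server, info)
```

A server for which both matches_ping_interval and up_but_bind_rejected are true fits the situation described here: the bind credentials need attention, not the load-balancing configuration.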