PAM-CM-0270: LDAP Bind fail: Cannot contact LDAP server <xxxxxxxx.yyy.zzz>
Article ID: 197884
Updated On: 10-03-2023
Products
Issue/Introduction
The following error message is displayed when trying to integrate the PAM installation with LDAP on a particular domain controller:
"PAM-CM-0270: LDAP Bind fail: Cannot contact LDAP server <servername>"
Environment
Product: Layer 7 Privileged Access Management
Version: 3.x
Cause
The catalina.out file shows the following errors:
**************************************************************************
Aug 18, 2020 2:28:41 PM org.apache.directory.ldap.client.api.LdapNetworkConnection writeRequest
SEVERE: Message failed : something wrong has occurred
Aug 18, 2020 2:28:41 PM com.ca.pam.rest.LDAPService createLdapConfig
SEVERE: LDAP Bind fail: Cannot contact LDAP server <servername>
Aug 18, 2020 2:29:46 PM org.apache.directory.ldap.client.api.LdapNetworkConnection exceptionCaught
WARNING: Connection reset by peer
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:197)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:377)
at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:317)
at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:683)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:659)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:648)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1120)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Aug 18, 2020 2:29:46 PM org.apache.directory.ldap.client.api.LdapNetworkConnection writeRequest
SEVERE: Message failed : something wrong has occurred
Aug 18, 2020 2:29:46 PM com.ca.pam.rest.LDAPService createLdapConfig
SEVERE: LDAP Bind fail: Cannot contact LDAP server <servername>
**************************************************************************
The error messages 'Connection reset by peer' use to appear when the other side resets the connection, most likely doesn't allow it, so either the domain controller itself, or a network device between the two are preventing it.
Resolution
Ask your network team, firewall team, security team or whoever in your organization that may be involved in the network device configuration to review the settings for possible configurations that may block the proper communication between the PAM server and the LDAP controller.
Feedback
