Login failures due to LDAP Directory Server Communication Exception: lb.ldap.alias:389 - Connection refused

Article ID: 218592

Products

Continuous Delivery Director

Issue/Introduction

We are getting the error below in CDD after we provide the username/password to authenticate. This is an intermittent issue.

Environment

Release: 6.6+

Component: CONTINUOUS DELIVERY DIRECTOR

Cause

When CDD receives a login request, it accesses the configured LDAP directory (lb.ldap.alias:389) to retrieve the user profile.

The log files clearly show that, once in a while, this access (from CDD to LDAP) experiences connectivity issues (connection refused).

The LDAP server (or a network element in between) is refusing the connection from CDD.

You can take a network capture on the CDD machines to capture this network issue.
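A probe that can be run from the CDD machine alongside the capture, as an added example (not part of the original article or of CDD): it resolves the LDAP alias, attempts a TCP connect to each returned address on port 389, and counts how often each one is refused or times out. The function names and the default host argument are assumptions for illustration.

```python
import socket
import time

def resolve(host, port):
    """Return every distinct IP address the alias currently resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return "ok"
        except ConnectionRefusedError:
            return "refused"      # SYN was answered with RST (server or middlebox)
        except socket.timeout:
            return "timeout"      # SYN was dropped silently (filtering, host down)
        except OSError as exc:
            return f"error: {exc.strerror or exc}"

def survey(host, port=389, rounds=5, delay=1.0):
    """Probe each resolved address `rounds` times; return {addr: {outcome: count}}."""
    results = {}
    for i in range(rounds):
        for addr in resolve(host, port):   # re-resolve: DNS answers may rotate
            outcome = probe(addr, port)
            counts = results.setdefault(addr, {})
            counts[outcome] = counts.get(outcome, 0) + 1
        if i < rounds - 1:
            time.sleep(delay)
    return results

if __name__ == "__main__":
    import sys
    # Default host is the alias from the error message; pass another as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "lb.ldap.alias"
    for addr, counts in survey(host).items():
        print(addr, counts)
```

If the alias resolves to a single virtual IP on a load balancer, the per-address breakdown cannot name the failing backend; a mix of "ok" and "refused" on that one address still confirms the intermittent refusal seen in the log.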

 

Example of error

========================================================================
com.ca.rp.auth.LDAPConfigurationException: Directory server is not accessible
Caused by: org.springframework.ldap.CommunicationException: lb.ldap.alias:389; nested exception is javax.naming.CommunicationException: lb.ldap.alias:389 [Root exception is java.net.ConnectException: Connection refused: connect]
Caused by: javax.naming.CommunicationException: lb.ldap.alias:389
Caused by: java.net.ConnectException: Connection refused: connect
        at java.net.DualStackPlainSocketImpl.connect0(Native Method)
        at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
        at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
        at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
        at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
        at java.net.PlainSocketImpl.connect(Unknown Source)
        at java.net.SocksSocketImpl.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)

Resolution

A Wireshark trace revealed the CDD server getting a TCP RST response from a specific LDAP server that was actively being rebuilt. An alternative load-balanced LDAP endpoint was provided. We updated CDD to use the alternative load-balanced LDAP endpoint by:

  • Opening the service/cog in the upper right corner of CDD. 
  • CDDirector Settings
  • User management system -> Host
  • After updating the "Host" field with the new/alternative value, scroll down and click "Test connection" to confirm it is successful before clicking "Save".

 
