
ldapsync service is failing after following LDAP referral to another LDAP server


Article ID: 227832


Products

VIP Service

Issue/Introduction

The ldapsync service stops syncing administrator users to the VIP Management portal.

Symantec VIP Enterprise Gateway service.out log:

ERROR "2021-10-27 00:09:01.903 GMT+1100" 10.140.30.180 LDAPSync 0 0 0  "actor=LDAPSyncService,text=Job (Ldap_Sync_Group.ServiceDelayed_Job threw an exception.,op=Synchronization
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: java.lang.NoClassDefFoundError: javax/mail/MessagingException]
 at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
 at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: java.lang.NoClassDefFoundError: javax/mail/MessagingException
 at com.verisign.ldapSync.client.LDAPSyncMgr.startLDAPSync(LDAPSyncMgr.java:280)
 at com.verisign.ldapSync.client.LDAPSyncMgr.run(LDAPSyncMgr.java:164)
 at com.verisign.ldapSync.scheduler.LDAPSyncJob.execute(LDAPSyncJob.java:151)
 at org.quartz.core.JobRunShell.run(JobRunShell.java:202)

Symantec VIP Enterprise Gateway service.log log:

INFO  "2022-01-06 14:40:03.329 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Following referral: ldaps://this.ldap.server/DC=int\,DC=ldap,DC=server,op=Synchronization"
ERROR "2022-01-06 14:40:03.368 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Error while creating referral context.,op=Synchronization"
ERROR "2022-01-06 14:40:03.368 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] NamingException. Error: simple bind failed: this.ldap.server:636,op=Synchronization"
ERROR "2022-01-06 14:40:03.368 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Please refer to the LDAPSync service.out file in logs folder for the complete stack trace.,op=Synchronization"
ERROR "2022-01-06 14:40:03.369 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Deferring the admin sync operation for this store and marking the store as unreachable for now.,op=Synchronization"
WARN  "2022-01-06 14:40:03.369 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr:fetchCloudAndLdapAdminRecords] Ldap Admin records null.,op=Synchronization"
ERROR "2022-01-06 14:40:03.369 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr:fetchCloudAndLdapAdminRecords] Admin Store is Unreachable. Deferring Admin Sync operation for this admin store.,op=Synchronization"
WARN  "2022-01-06 14:40:03.369 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr:fetchCloudAndLdapAdminRecords] <<WARNING>> Aborting Admin Sync Operation.,op=Synchronization"
ERROR "2022-01-06 14:40:03.370 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr:fetchCloudAndLdapAdminRecords] Exception occured while fetching Ldap Admin records. Error: Admin Store is Unreachable. Deferring Admin Sync operation for this admin store.,op=Synchronization"
WARN  "2022-01-06 14:40:03.371 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr:fetchCloudAndLdapAdminRecords] <<WARNING>> Aborting Admin Sync Operation.,op=Synchronization"
ERROR "2022-01-06 14:40:03.371 GMT-0800" 10.132.7.24 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr] <<WARNING>> Admin Synchronization failed. Error: Admin Store is Unreachable. Deferring Admin Sync operation for this admin store.,op=Synchronization"

Cause

VIPEG received an LDAP referral and tried to connect to the referred LDAP server, but the connection failed.

VIPEG is configured to connect to "this.ldap.server:636". The log shows it was trying to reach "another.ldap.server:636" but was unable to connect.

STATUS | wrapper  | 2021/10/27 09:42:17 | Launching a JVM...
INFO   | jvm 1    | 2021/10/27 09:42:17 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
INFO   | jvm 1    | 2021/10/27 09:42:17 |   Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.
INFO   | jvm 1    | 2021/10/27 09:42:17 | 
INFO   | jvm 1    | 2021/10/27 09:44:40 | javax.naming.CommunicationException: simple bind failed: another.ldap.server:636 [Root exception is java.net.SocketException: Connection reset]

 

Resolution

Open \VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\ldapSyncSettings.properties

Locate the line: ldapsync.skipReferralsOnException=false

Change the value from false to true, then restart the VIP EG server.

With this setting, if VIPEG encounters a referral exception after connecting to the LDAP referral, it resumes with the originally defined LDAP server.
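To confirm which referral targets the gateway followed and which binds failed, the service.log lines shown above can be correlated with a short script. This is an added example, not Symantec or Broadcom code: the function names and the sample lines (placeholder hosts and addresses) are constructed here, and the line layout is assumed from the log excerpt in this article.

```python
import re
from urllib.parse import urlsplit

# Layout assumed from the excerpt: LEVEL "ts" host component n n n "actor=..,text=..,op=.."
LINE_RE = re.compile(
    r'^(?P<level>[A-Z]+)\s+"(?P<ts>[^"]+)"\s+(?P<host>\S+)\s+(?P<component>\S+)'
    r'.*?"actor=(?P<actor>[^,]+),text=(?P<text>.*),op=(?P<op>\w+)"?\s*$')
REFERRAL_RE = re.compile(r"Following referral: (?P<url>\S+)")
BIND_FAIL_RE = re.compile(r"simple bind failed: (?P<endpoint>[\w.-]+:\d+)")

# Constructed sample lines modelled on the excerpt; hosts and addresses are placeholders.
SAMPLE = [
    r'INFO  "2022-01-06 14:40:03.329 GMT-0800" 192.0.2.10 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Following referral: ldaps://dc2.example.test/DC=example\,DC=test,op=Synchronization"',
    r'ERROR "2022-01-06 14:40:03.368 GMT-0800" 192.0.2.10 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] Error while creating referral context.,op=Synchronization"',
    r'ERROR "2022-01-06 14:40:03.368 GMT-0800" 192.0.2.10 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPStore:fetchAdminRecords] NamingException. Error: simple bind failed: dc2.example.test:636,op=Synchronization"',
    r'ERROR "2022-01-06 14:40:03.371 GMT-0800" 192.0.2.10 LDAPSync 0 0 0  "actor=LDAPSyncService,text=[LDAPSyncMgr] <<WARNING>> Admin Synchronization failed. Error: Admin Store is Unreachable.,op=Synchronization"',
]


def parse_line(line):
    """Return the fields of one service.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def referral_failures(lines):
    """Pair each failed bind with the referral that was followed just before it."""
    findings, pending = [], None
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["component"] != "LDAPSync":
            continue
        ref = REFERRAL_RE.search(rec["text"])
        fail = BIND_FAIL_RE.search(rec["text"])
        if ref:
            # The text field may contain commas (escaped DN parts), so keep the URL whole.
            url = ref.group("url")
            pending = {"ts": rec["ts"], "referral": url,
                       "referral_host": urlsplit(url).hostname}
        elif fail and pending:
            findings.append({**pending, "failed_endpoint": fail.group("endpoint"),
                             "sync_aborted": False})
            pending = None
        elif "Admin Synchronization failed" in rec["text"] and findings:
            findings[-1]["sync_aborted"] = True
    return findings


if __name__ == "__main__":
    for f in referral_failures(SAMPLE):
        print(f)
```

A referral host in the output that is not an LDAP server the gateway is expected to reach is worth reviewing before or alongside the `ldapsync.skipReferralsOnException` change.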