Intermittently, when logging in, users receive an error message stating that their password is incorrect or their account is locked. The LDAP setup does not lock users out of Clarity for failed login attempts, and the passwords are correct and are being entered correctly. Not all users get this error when it occurs, and it always clears up after a short wait.
Error message in the logs:
ERROR 2021-11-18 15:21:10,359 [https-jsse-nio2-443-exec-1969] directory.LDAPDirectoryService (clarity:unknown:none:security.loginAction) javax.naming.CommunicationException: simple bind failed: SERVERNAME:PORT [Root exception is java.net.SocketException: Connection reset]
    at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
    at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
    at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
    at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
Release : Any Supported Release
Component : CLARITY SECURITY INTEGRATION
The intermittent nature of the failures indicates that you are running out of LDAP connections.
1. In the JVM parameters for the app service in CSA/properties.xml, add:
-Dcom.sun.jndi.ldap.connect.pool.initsize=3
-Dcom.sun.jndi.ldap.connect.pool.maxsize=20
-Dcom.sun.jndi.ldap.connect.pool.prefsize=10
-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
The result would look something like this for your app service (note that the parameters are separated by spaces):
jvmParameters="-Xms512m -Xmx2048m -XX:-UseGCOverheadLimit -XX:MaxMetaspaceSize=300m -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Dcom.sun.jndi.ldap.connect.pool.protocol=ssl -Dcom.sun.jndi.ldap.connect.pool.initsize=3 -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=300000"
2. Save and restart all services.
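To confirm that the reported "incorrect password" errors are connection resets rather than real credential rejections, the app log can be bucketed by minute. The script below is an added example, not part of the original article or the product; its sample log is constructed, and the AuthenticationException entry assumes a rejected bind is logged by the same logger in the same layout.

```python
import re
from collections import Counter, defaultdict

# First line of an LDAPDirectoryService error, in the layout of the log entry above.
ENTRY = re.compile(
    r"^ERROR (?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2},\d{3} \[[^\]]+\] "
    r"directory\.LDAPDirectoryService \S+ javax\.naming\.(?P<exc>\w+): (?P<detail>.*)$"
)

def classify(exc, detail):
    """Separate connection-level failures from real credential verdicts."""
    if exc == "CommunicationException":
        # The bind never completed, so this says nothing about the password.
        return "connection_reset" if "Connection reset" in detail else "transport_other"
    if exc == "AuthenticationException":
        return "credentials"  # the directory answered and rejected the bind
    return "other"

def triage(log_text):
    """Return {minute: Counter(kind -> count)} for LDAP login errors."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # stack frames ("at ...") and other loggers do not match
            buckets[m["minute"]][classify(m["exc"], m["detail"])] += 1
    return dict(buckets)

def reset_bursts(log_text, threshold=2):
    """Minutes with at least `threshold` connection resets."""
    return sorted(k for k, c in triage(log_text).items() if c["connection_reset"] >= threshold)

# Constructed sample: the first entry mirrors the page, the rest are invented for the demo.
# Assumption: a rejected bind is logged by the same logger as an AuthenticationException.
_HDR = ("ERROR 2021-11-18 {t} [https-jsse-nio2-443-exec-{n}] directory.LDAPDirectoryService "
        "(clarity:unknown:none:security.loginAction) javax.naming.")
_RESET = ("CommunicationException: simple bind failed: SERVERNAME:PORT "
          "[Root exception is java.net.SocketException: Connection reset]")
SAMPLE_LOG = "\n".join([
    _HDR.format(t="15:21:10,359", n=1969) + _RESET,
    "\tat java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)",
    _HDR.format(t="15:21:44,102", n=1971) + _RESET,
    _HDR.format(t="15:21:58,730", n=1975)
    + "AuthenticationException: [LDAP: error code 49 - Invalid Credentials]",
    _HDR.format(t="15:27:02,015", n=1980) + _RESET,
])

if __name__ == "__main__":
    for minute, kinds in sorted(triage(SAMPLE_LOG).items()):
        print(minute, dict(kinds))
    print("reset bursts:", reset_bursts(SAMPLE_LOG))
```

Minutes that show several connection resets and few or no credential rejections match the pool-exhaustion pattern described above; running the same count after the restart shows whether the new pool settings removed the bursts.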