
Intermittent LDAP connection reset


Article ID: 229400


Updated On:

Products

Clarity PPM On Premise
Clarity PPM SaaS

Issue/Introduction

Intermittently, when logging in, users receive an error message stating that their password is incorrect or their account is locked. The LDAP setup does not lock users out of Clarity for failed login attempts, and the passwords are correct and are being entered correctly. Not all users get this error when it occurs, and it always clears up after a short wait.

Error message in the logs: 

ERROR 2021-11-18 15:21:10,359 [https-jsse-nio2-443-exec-1969] directory.LDAPDirectoryService (clarity:unknown:none:security.loginAction)
javax.naming.CommunicationException: simple bind failed: SERVERNAME:PORT [Root exception is java.net.SocketException: Connection reset]
    at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2895)
    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
    at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
    at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
    at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)

Environment

Release : Any Supported Release

Component : CLARITY SECURITY INTEGRATION

Resolution

Since the login works intermittently, you are running out of LDAP connections.

Workaround - set up a connection pool:

1. In the JVM parameters for the app service in CSA/properties.xml, add:

-Dcom.sun.jndi.ldap.connect.pool.initsize=3
-Dcom.sun.jndi.ldap.connect.pool.maxsize=20
-Dcom.sun.jndi.ldap.connect.pool.prefsize=10
-Dcom.sun.jndi.ldap.connect.pool.timeout=300000

It would then look something like this for your app service (note that the parameters are separated by spaces):

jvmParameters="-Xms512m -Xmx2048m -XX:-UseGCOverheadLimit -XX:MaxMetaspaceSize=300m -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true -Dcom.sun.jndi.ldap.connect.pool.protocol=ssl -Dcom.sun.jndi.ldap.connect.pool.initsize=3 -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=300000"

2. Save and restart all services.
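
Before restarting, the edited jvmParameters value can be checked for mistakes that would keep the pool from working. The following is an added example, not Broadcom or Clarity code: a small Python check over the parameter string. The function name, the constructed sample strings, the size-ordering sanity rule and the assumption that the directory is reached over LDAPS are all illustrative.

```python
POOL = "com.sun.jndi.ldap.connect.pool."
NUMERIC = ("initsize", "maxsize", "prefsize", "timeout")

def check_jvm_parameters(params: str) -> list[str]:
    """Return a list of problems found in a jvmParameters string (hypothetical helper)."""
    problems, props = [], {}
    for tok in params.split():              # parameters are separated by spaces
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value
        elif "com.sun.jndi.ldap" in tok:
            # A JNDI property without the -D prefix is not a system property;
            # the JVM treats it as an unrecognized option.
            problems.append(f"missing -D prefix: {tok}")
    sizes = {}
    for key in NUMERIC:
        value = props.get(POOL + key)
        if value is None:
            problems.append(f"{POOL}{key} is not set")
        elif not value.isdigit():
            problems.append(f"{POOL}{key} is not a whole number: {value!r}")
        else:
            sizes[key] = int(value)
    # Sanity rule assumed for this example: initsize <= prefsize <= maxsize.
    if len(sizes) == len(NUMERIC) and not (
            sizes["initsize"] <= sizes["prefsize"] <= sizes["maxsize"]):
        problems.append("expected initsize <= prefsize <= maxsize")
    # Only "plain" connections are pooled by default; LDAPS needs "ssl" listed.
    if "ssl" not in props.get(POOL + "protocol", "plain").split():
        problems.append(f"{POOL}protocol does not include ssl")
    # This flag turns off server hostname verification on LDAPS connections.
    if props.get("com.sun.jndi.ldap.object.disableEndpointIdentification") == "true":
        problems.append("LDAPS hostname verification is disabled")
    return problems

# Constructed samples: GOOD is a complete pool setup, BAD has lost one "-D".
GOOD = (f"-Xms512m -Xmx2048m -D{POOL}protocol=ssl -D{POOL}initsize=3 "
        f"-D{POOL}maxsize=20 -D{POOL}prefsize=10 -D{POOL}timeout=300000")
BAD = GOOD.replace(f"-D{POOL}initsize", f"-{POOL}initsize")

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_jvm_parameters(sample) or "no problems found")
```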