We just observed this morning that the bind to AD for the OneClick server is failing.  This is only happening on the OneClick server where we made the modification to "Save LDAP passwords..." (set to Yes).

When attempting to rebind to AD it is failing with the following message showing in catalina.out:

Feb 11, 2022 10:23:22.629 - Caught NamingException : javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'OU=Service Accounts,DC=xxx,DC=ds,DC=domain,DC=com'

Release : 21.2

Component : SPCOCK - Spectrum OneClick

The LDAP server is providing a LDAP referral on which the OneClick attempts to bind to the referral and the connection times out. 

Disable referrals by doing the following:

1. Make a backup of the $SPECROOT/tomcat/webapps/spectrum/META-INF/context.xml file

2. Edit the $SPECROOT/tomcat/webapps/spectrum/META-INF/context.xml file

3. Look for the entry that reads referrals="follow" and change it to referrals="ignore"

4. Save the change

5. Restart tomcat service on the OneClick server

You may need to go to the LDAP Configuration in the OneClick Administration page and re-enter the Connection Name and Connection Password fields.