Periodically, OneClick generates a "Lost contact with the specified LDAP server" message:
Lost contact with the specified LDAP server.
Connection URL - ldap://oneldap.acme.net:636
Error Message - SPC-OCA-10494: Could not connect with the specified connection name/password: SPC-OCA-10488: Either the user name does not exist in the external authentication database or the entered password is Invalid.
0xcb004
The SSORB Security debug captured while the problem occurs shows OneClick binding to both the primary and the alternate LDAP server at the same time with an incorrect user. The user account shown in the debug is not configured on the "LDAP Configuration" page:
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - Authenticating user with external directory server: spectrum
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - Opening directory context
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - connectionName CN=SVC.Spectrum,OU=NorthAmerica,OU=Users,DC=acme,DC=net
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - connectionURL ldap://oneldap.acme.net:636
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - protocol ssl
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - referrals ignore
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - timeoutPeriod in milliseconds 5000
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - readTimeoutPeriod in milliseconds 5000
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - Opening alternative directory context
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - connectionName CN=SVC.Spectrum,OU=NorthAmerica,OU=Users,DC=acme,DC=net
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - connectionURL ldap://altldap.acme.net:636
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - protocol ssl
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - referrals ignore
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - timeoutPeriod in milliseconds 5000
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - readTimeoutPeriod in milliseconds 5000
May 17, 2022 09:05:36.777 - Connection Exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839]
May 17, 2022 09:05:36.777 - Connection problem: javax.naming.CommunicationException: SPC-OCA-10494: Could not connect with the specified connection name/password: SPC-OCA-10488: Either the user name does not exist in the external authentication database or the entered password is Invalid.
Release : 21.2
Component : Spectrum OneClick
In this case, the axis2/META-INF/context.xml configuration file also carried an LDAP configuration. That configuration contained an old user with an outdated password.
The following steps were performed:
- Changed the name in webapps/axis2/META-INF/context.xml to spectrum
- Copied the encrypted password from webapps/spectrum/META-INF/context.xml to webapps/axis2/META-INF/context.xml
- Restarted Spectrum tomcat
The authentication debug shown in the description can be enabled as follows:
OneClick Web Page ~~> Administration ~~> Debugging ~~> Web Server Debug Page (runtime)
SSORB Security SP ~~> On
Click Apply
Debug output is written to the OneClick log file:
<windows> $SPECROOT/tomcat/logs/stdout.log
<linux> $SPECROOT/tomcat/logs/catalina.out
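
To check a captured debug log for this condition, the following added example (not part of the original article or of Spectrum) groups the SecuritySP lines into login attempts, lists every bind whose connectionName differs from the expected account, and decodes the Active Directory sub-code in the LDAP error 49 message. EXPECTED_DN is a hypothetical placeholder for the account on the LDAP Configuration page; the sample lines are abridged from the debug output above.

```python
import re

# Active Directory sub-codes carried in the "data" field of an LDAP error 49.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "701": "account expired", "775": "account locked out"}
MSG = re.compile(r"\(SecuritySP\) - (.*)$")
ERR = re.compile(r"LDAP: error code 49 .*?data ([0-9a-fA-F]+)")

def parse_attempts(log_text):
    """Group SecuritySP debug lines into login attempts with their directory binds."""
    attempts, cur, ctx = [], None, None
    for line in log_text.splitlines():
        err, m = ERR.search(line), MSG.search(line)
        if err and cur is not None:
            code = err.group(1).lower()
            cur["reason"] = AD_SUBCODES.get(code, "sub-code " + code)
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.startswith("Authenticating user with external directory server:"):
            cur, ctx = {"login": msg.split(":", 1)[1].strip(), "binds": []}, None
            attempts.append(cur)
        elif cur is not None and msg.startswith("Opening") and msg.endswith("directory context"):
            ctx = {"role": "alternate" if "alternative" in msg else "primary"}
            cur["binds"].append(ctx)
        elif ctx is not None and msg.startswith(("connectionName ", "connectionURL ")):
            key, value = msg.split(" ", 1)
            ctx[key] = value.strip()
    return attempts

def unexpected_binds(attempts, expected_dn):
    """Return binds whose DN differs from the one on the LDAP Configuration page."""
    want = expected_dn.strip().lower()
    return [(a["login"], b["role"], b.get("connectionURL"), b.get("connectionName"), a.get("reason"))
            for a in attempts for b in a["binds"]
            if b.get("connectionName", "").lower() != want]

# Sample lines abridged from this page's debug output; EXPECTED_DN is hypothetical.
SAMPLE = """\
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - Authenticating user with external directory server: spectrum
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - Opening directory context
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - connectionName CN=SVC.Spectrum,OU=NorthAmerica,OU=Users,DC=acme,DC=net
May 17, 2022 09:05:36.401 (http-nio-80-exec-1) (SecuritySP) - connectionURL ldap://oneldap.acme.net:636
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - Opening alternative directory context
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - connectionName CN=SVC.Spectrum,OU=NorthAmerica,OU=Users,DC=acme,DC=net
May 17, 2022 09:05:36.479 (http-nio-80-exec-1) (SecuritySP) - connectionURL ldap://altldap.acme.net:636
May 17, 2022 09:05:36.777 - Connection Exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839]
"""
EXPECTED_DN = "CN=svc-oneclick,OU=Users,DC=acme,DC=net"
if __name__ == "__main__":
    print(*unexpected_binds(parse_attempts(SAMPLE), EXPECTED_DN), sep="\n")
```

Each row returned is (login, role, connectionURL, connectionName, reason); an empty list means every bind in the log used the expected account.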