Intermittent failures observed in VIP Auth Hub while communicating with LDAP

Article ID: 401633

Products

VIP Authentication Hub

Issue/Introduction

The log shows the following error intermittently:

"msg":"Error searching for LDAP user (unable to execute physical search query '(&(|(objectClass=inetorgperson)(objectClass=orgPerson))(uid=xxxxx))' - class javax.naming.CommunicationException). LDAP Config 'ExampleDirVIP (Type: ldap, ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx, URL: ldap://example-ldap-host:port)', user BaseDN 'o=example org'. Details: LDAP connection has been closed.",
"api":"/auth/v1/authenticate",
"throwable":"javax.naming.CommunicationException: LDAP connection has been closed [Root exception is java.io.IOException: LDAP connection has been closed];

....

 java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:471)
 java.naming/com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:643)
 java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:566)
 java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2015)
 java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
 java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1799)
 java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
 java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
 java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
 java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:346)
 com.broadcom.layer7authentication.core.service.idstore.spi.ldap.LDAPIdStoreSpiImpl.ldapSearch(LDAPIdStoreSpiImpl.java:1025)
 com.broadcom.layer7authentication.core.service.idstore.spi.ldap.LDAPIdStoreSpiImpl.ldapSearchUser(LDAPIdStoreSpiImpl.java:398)

 org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
 org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 java.base/java.lang.Thread.run(Thread.java:1583)
 Caused by: java.io.IOException: LDAP connection has been closed
 java.naming/com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133)
 java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:447)
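To measure how often the closed-connection error occurs, and whether it is tied to one LDAP configuration, the following added Python example (not from the article or the product) parses JSON log lines in the shape quoted above, pulls the config ID and URL out of the msg field, and computes the failure rate for /auth/v1/authenticate. The sample lines, the config ID and the port number are constructed for the example.

```python
import json
import re
from collections import Counter

# Constructed sample lines in the JSON shape quoted above (not real Auth Hub output): one
# successful call, two closed-connection failures, one stack-trace line that is not JSON.
SAMPLE_LOG = """\
{"msg":"Authenticated user","api":"/auth/v1/authenticate"}
{"msg":"Error searching for LDAP user (unable to execute physical search query '(&(|(objectClass=inetorgperson)(objectClass=orgPerson))(uid=alice))' - class javax.naming.CommunicationException). LDAP Config 'ExampleDirVIP (Type: ldap, ID: 11111111-1111-1111-1111-111111111111, URL: ldap://example-ldap-host:389)', user BaseDN 'o=example org'. Details: LDAP connection has been closed.","api":"/auth/v1/authenticate"}
{"msg":"Error searching for LDAP user (unable to execute physical search query '(&(|(objectClass=inetorgperson)(objectClass=orgPerson))(uid=bob))' - class javax.naming.CommunicationException). LDAP Config 'ExampleDirVIP (Type: ldap, ID: 11111111-1111-1111-1111-111111111111, URL: ldap://example-ldap-host:389)', user BaseDN 'o=example org'. Details: LDAP connection has been closed.","api":"/auth/v1/authenticate"}
 java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:471)
"""

# Extracts config name, type, ID and URL from the "LDAP Config '...'" fragment of msg.
CONFIG_RE = re.compile(r"LDAP Config '(?P<name>.+?) \(Type: (?P<type>\w+), "
                       r"ID: (?P<id>[0-9A-Za-z-]+), URL: (?P<url>[^)]+)\)'")
CLOSED = "LDAP connection has been closed"

def iter_json_records(text):
    """Yield each line that parses as a JSON object; stack-trace lines are skipped."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if isinstance(rec, dict):
            yield rec

def parse_ldap_failures(text):
    """One dict per record whose msg reports a javax.naming.CommunicationException."""
    failures = []
    for rec in iter_json_records(text):
        msg = rec.get("msg", "")
        if "javax.naming.CommunicationException" not in msg:
            continue
        m = CONFIG_RE.search(msg)
        failures.append({"api": rec.get("api"), "closed": CLOSED in msg,
                         "config_id": m.group("id") if m else None,
                         "url": m.group("url") if m else None})
    return failures

def closed_by_config(text):
    """Closed-connection failures per LDAP config ID: is one pool or every pool affected?"""
    return Counter(f["config_id"] for f in parse_ldap_failures(text) if f["closed"])

def closed_rate(text, api="/auth/v1/authenticate"):
    """Fraction of records for `api` carrying the closed-connection error (0.0 if none)."""
    recs = [r for r in iter_json_records(text) if r.get("api") == api]
    return sum(CLOSED in r.get("msg", "") for r in recs) / len(recs) if recs else 0.0
```

Running it against the pod logs before and after changing the pool values gives a comparable number rather than an impression of "intermittent".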

Environment

VIP Auth Hub: 3.3.4
AWS EKS, Kubernetes: 1.30

Cause

Possible causes:

  • VIP Auth Hub configuration tuning (LDAP connection pool parameters)
  • API request routing in the AWS environment
  • Load balancer and firewall settings in the AWS environment, if used

Resolution

The same LDAP instance was used by other applications and was confirmed to be working while the errors occurred.

On the VIP Auth Hub side, the LDAP configuration can be inspected by querying /{tenantName}/admin/v1/LDAPconfigs/{ldapConfigId}.

The operating parameters of the LDAP connection pool are global and must be configured when the Authentication Hub chart is deployed.

The values can be adjusted or tuned to meet the requirements of the cloud network environment, for example:

    ldap:
      poolMaxSize: 500
      poolPrefSize: 128
      poolTimeoutMillis: 120000
      poolInitSize: 8
      poolDebug: "none"
      poolKeepAlive: "on"

Additional Information