LDAP login fail if the IP address of LDAP server changes
Article ID: 87173
Updated On:
Products
CA Automic Dollar Universe
Issue/Introduction
Error Message :
On the uvserver.log of the UVMS:
|ERROR| request-worker-9 | com.orsyp.central.ldap.LDAPManagerImpl | Authenticate: Cannot authenticate login:username because the LDAP server cannot be reached. Unreachable server: company.com:636.
javax.naming.CommunicationException: company.com:636 [Root exception is java.net.ConnectException: Connection timed out: connect]
If the IP address of the LDAP server is changed, UVMS does not renew the connection. This causes the LDAP login to fail.
Investigation
UVMS should reconnect to the new IP since the previous connection is no longer valid, instead it receives an LDAP exception.
On the uvserver.log of the UVMS:
|ERROR| request-worker-9 | com.orsyp.central.ldap.LDAPManagerImpl | Authenticate: Cannot authenticate login:username because the LDAP server cannot be reached. Unreachable server: company.com:636.
javax.naming.CommunicationException: company.com:636 [Root exception is java.net.ConnectException: Connection timed out: connect]
If the IP address of the LDAP server is changed, UVMS does not renew the connection. This causes the LDAP login to fail.
Investigation
UVMS should reconnect to the new IP since the previous connection is no longer valid, instead it receives an LDAP exception.
Environment
OS: All
Cause
Cause type:
Other
Root Cause: The UVMS uses by default a Connection with the IP address of the LDAP server which is resolved at startup.
As a consequence, if this LDAP server is shutdown, the LDAP authentication will no longer work.
Other
Root Cause: The UVMS uses by default a Connection with the IP address of the LDAP server which is resolved at startup.
As a consequence, if this LDAP server is shutdown, the LDAP authentication will no longer work.
Resolution
Update to a fix version listed below or a newer version if available.
Then add the new variable connectionPool with the value NO on each LDAP instance of the ldap.xml file as follows:
<instance name="LDAP Repository">
...
<connectionPool>NO</connectionPool>
...
</instance>
Fix Status: Released
Fix Version(s):
Univiewer Management Server 6.8.21 - Available
Then add the new variable connectionPool with the value NO on each LDAP instance of the ldap.xml file as follows:
<instance name="LDAP Repository">
...
<connectionPool>NO</connectionPool>
...
</instance>
Fix Status: Released
Fix Version(s):
Univiewer Management Server 6.8.21 - Available
Additional Information
Workaround :
Restart the UVMS so that it connects to the new IP address.
Restart the UVMS so that it connects to the new IP address.
Feedback
Yes
No
Powered by
