It's all about the answers!

Ask a question

What could have gone wrong with LDAP connection on WAS?


long TRUONG (3654123147) | asked Dec 23 '16, 9:07 p.m.
 We are not looking for a resolution as the issue has been resolved: But we are looking for an explanation of what could have gone wrong, out of sync.

We recently switch to WAS from Tomcat for our RTC/RRC 5.0.2 on Windows server 2008, with difficulty, but running OK for a while.

All of a sudden we lost the user import functionality, as we can no longer search for a user in LDAP, when click search for any user we would get the error message below:

"An error response was received from the Jazz Team Server. Status=400. Message: CRJAZ0742I Unable to connect to the LDAP directory server. Verify that the server application is configured properly and that the LDAP server is reachable"

When we test for connection from the WAS Admin Console we got an error too:

=================* Test LDAP connection from WAS (console)

SECJ7340E: Exception raised trying to connect to LDAP server: NamingException: ent.rt.csaa.com:389 java.net.ConnectException: Connection refused: connect


we started our RTC DR server, on the same domain, and found that we did not encounter this issue there, we hence rebooted the PRD appServer and resolved the issue.

Any idea what could have gone out of sync? or wrong?

Accepted answer


permanent link
Donald Nong (14.5k614) | answered Jan 13 '17, 3:36 a.m.

It's not about "out of sync", but rather how WAS connects to the LDAP server. As far as I know, WAS connects to the LDAP server only when starting up, at least if you follow the steps provided in the Jazz documentation. So, if the LDAP server somehow gets recycled, or the network is interrupted, all existing LDAP connection between WAS and LDAP will be broken, and you will see the issue in the OP.

long TRUONG selected this answer as the correct answer

Comments
long TRUONG commented Jan 13 '17, 11:39 a.m.

 Ah! We did not need a reboot, just a WAS service restart would have been sufficient.


Thx Don.


long TRUONG commented Jan 13 '17, 12:56 p.m.

 We did run into same issue again, but with a different cause, which was sort of self resolved shortly afterwards: 

  • We have noted that we have no chance to err on passwd when logging into RTC, once one typo on passwd, the login account would be locked. We haphazard a guess that RTC retried several times automatically to login with same credentials at login failure.
  • The admin service account failed the login elsewhere and locked while it has already logged into the session where a user import is to be executed, when the locked account failed to search LDAP. 
  • In this case the issue should and did last only 30 minutes, till the account got unlocked. If attempted, corroboration from the WAS admin console would have failed as the same locked account would not have been able to login to the console to test connection.
  • Last time it lasted several days including 48 hrs for an RFC to turn on DR to verify connections and another overlapped 48 hrs for an RFC to reboot in PRD. And the service account was able to login for all other admin tasks and to login to PRD servers.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.