What could have gone wrong with LDAP connection on WAS?
=================
* Test LDAP connection from WAS (console)
SECJ7340E: Exception raised trying to connect to LDAP server: NamingException: ent.rt.csaa.com:389 java.net.ConnectException: Connection refused: connect
Accepted answer
It's not about "out of sync", but rather how WAS connects to the LDAP server. As far as I know, WAS connects to the LDAP server only when starting up, at least if you follow the steps provided in the Jazz documentation. So, if the LDAP server somehow gets recycled, or the network is interrupted, all existing LDAP connections between WAS and LDAP will be broken, and you will see the issue in the OP.
Comments
Ah! We did not need a reboot, just a WAS service restart would have been sufficient.
We did run into the same issue again, but with a different cause, which was sort of self-resolved shortly afterwards:
- We have noted that we have no chance to err on the passwd when logging into RTC: after one typo in the passwd, the login account would be locked. We hazard a guess that RTC retried several times automatically to log in with the same credentials at login failure.
- The admin service account failed the login elsewhere and got locked while it had already logged into the session where a user import was to be executed, when the locked account failed to search LDAP.
- In this case the issue should and did last only 30 minutes, till the account got unlocked. If attempted, corroboration from the WAS admin console would have failed, as the same locked account would not have been able to log in to the console to test the connection.
- Last time it lasted several days, including 48 hrs for an RFC to turn on DR to verify connections and another overlapping 48 hrs for an RFC to reboot in PRD. And the service account was able to log in for all other admin tasks and to log in to PRD servers.
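
An added example, not part of the thread and not WAS or Jazz code: a transport-level probe to run from the WAS host. It separates the "Connection refused" case in the SECJ7340E message from failures that occur only after the TCP connection is up, such as the locked service account described in the comments. The function names, status labels and hint texts are this example's own assumptions.

```python
import socket
import sys

# Status labels and hints are this example's own, not WAS or LDAP terminology.
HINTS = {
    "dns_failure": "host name does not resolve from this machine",
    "refused": "host answered but nothing listens on the port: LDAP service "
               "down, restarting, or wrong port (the SECJ7340E case)",
    "timeout": "no answer: firewall or routing is dropping the traffic",
    "unreachable": "local network error before the connection was made",
    "tcp_ok": "transport works: check the bind account (lockout, password) "
              "and stale WAS connections as described in the accepted answer",
}

def probe_ldap_endpoint(host, port=389, timeout=3.0):
    """Return a status label for a plain TCP connect to host:port."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return "dns_failure"
    status = "unreachable"
    for family, socktype, proto, _name, sockaddr in addrs:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "tcp_ok"          # one reachable address is enough
            except ConnectionRefusedError:
                status = "refused"
            except socket.timeout:
                if status != "refused":
                    status = "timeout"
            except OSError:
                pass                     # keep the most specific status so far
    return status

def triage(host, port=389, timeout=3.0):
    """Return (status, hint) for the given LDAP endpoint."""
    status = probe_ldap_endpoint(host, port, timeout)
    return status, HINTS[status]

if __name__ == "__main__":
    # Usage: python ldap_probe.py <ldap-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    print("%s:%d -> %s: %s" % ((target, target_port) + triage(target, target_port)))
```

A `tcp_ok` result while the WAS console test still fails points away from the network and toward the bind account or WAS's own connections; the probe does not attempt an LDAP bind, so it cannot trigger a lockout itself.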