We have lots of users from outside of our organization which log onto our website to access information. Once in a while a user is not able to log in. After a second or third try, the user is then able to log in.
When checking on our Crowd log, the ERROR logged was mainly as the following. This specific error occurred 206 times in the past 20 days.
2018-03-14 05:17:33,353 Caesium-1-1 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller]
Error occurred while refreshing the cache for directory [ 655361 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException:
192.168.x.xx:10389; nested exception is javax.naming.CommunicationException:
192.168.x.xx:10389 [Root exception is java.net.SocketTimeoutException: connect timed out]
If I haven't included enough information, feel free to ask. Any help is appreciated!
Thank You!
Bing
Hi @Bing Hui
It's actually a bit hard to say without the full stack trace. Maybe it's a pure network issue. My guess is that it might have something to do with LDAP referrals, this is a common issue that is well explained on this page: https://confluence.atlassian.com/hipchatkb/hipchat-server-synchronization-with-ldap-fails-with-javax-naming-communicationexception-domain-com-389-root-exception-is-java-net-sockettimeoutexception-connect-timed-out-884708776.html
In which case, you should check that 'Use node referrals' is turned off in the connector's tab of your LDAP directory in Crowd's console.
@Bruno VincentThank you so much with your response! As of the network issue, I have been monitoring it and I haven't seen one packet been dropped yet. It maybe the network connection between Crowd and our Apache Directory Server 1.5X behind the scene. I probably have to dig deeper. We are only using the "Use native DN Matching" option and this is the only box is checked. I will take a look at the link and I am going to investigate a little more this weekend.
Thank You Again!
Bing
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.