grouper-users - Re: [grouper-users] LDAPPC failures with AD
Subject: Grouper Users - Open Discussion List
- From: Tom Zeller
- To: Raymond D Walker
- Subject: Re: [grouper-users] LDAPPC failures with AD
- Date: Tue, 17 Nov 2009 15:53:57 -0600

We definitely encountered Active Directory connection timeouts at
Memphis using the JNDI LdapContext. The fix was simply to try the
failed LDAP operation again upon CommunicationException. With v1.5.0,
ldappc uses vt-ldap, which has a configurable number of retries; the
default is 1.

Ldappc opens an LDAP connection at the beginning of provisioning, and
closes it at the end. So, a single connection is maintained during one
provisioning run.

I hope to support vt-ldap pools in the next version of ldappc, which
will provide even better connection handling.

Also, ldappc v1.5.0 with vt-ldap provides better support for Active
Directory, including paging and "range attribute" handling for groups
with a large (>1500) number of members
(http://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes).

TomZ

> I'm just throwing this out there to see if anyone else is experiencing
> something similar when provisioning to AD. We get VERY sporadic provisioner
> failures only with our Active Directory provisioning (we run two instances
> of the provisioner, one to SunOne LDAP and the other to AD.) Although the
> failure doesn't cause much ruckus, as we restart the process automatically,
> and no data disappears in AD, I would like to resolve this issue. AD
> seemingly resets the connection for whatever reason. In talking with our AD
> admins, there are no correlating issues on their side (no DC's are down, or
> reporting issues at or near the indicated time.)
>
> Some questions do come up though, does LDAPPC try to keep a connection
> alive indefinitely, or does it stop and start connections in a particular
> manner?
>
> Here's an example of the error log right before LDAPPC crashes:
>
> 2009-11-17 03:05:29,466: [Timer-0] FATAL ErrorLog.fatal(122) -
> [edu.internet2.middleware.ldappc.LdappcGrouperProvisioner] Grouper
> Provision Failed: Connection reset, javax.naming.CommunicationException:
> Connection reset [Root exception is java.net.SocketException: Connection
> reset]; remaining name 'ou=Enterprise Groups,dc=froot,dc=nau,dc=edu'
> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1961)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1806)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
> at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.clearRoot(GroupEntrySynchronizer.java:1141)
> at edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(GroupEntrySynchronizer.java:1098)
> at edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(GroupSynchronizer.java:145)
> at edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(GrouperProvisioner.java:312)
> at edu.internet2.middleware.ldappc.GrouperProvisioner.provision(GrouperProvisioner.java:179)
> at edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(LdappcGrouperProvisioner.java:121)
> at edu.internet2.middleware.ldappc.LdappcProvisionControl.run(LdappcProvisionControl.java:96)
> at java.util.TimerThread.mainLoop(Timer.java:512)
> at java.util.TimerThread.run(Timer.java:462)
> Caused by: java.net.SocketException: Connection reset
> at java.net.SocketInputStream.read(SocketInputStream.java:168)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
> at com.sun.jndi.ldap.Connection.run(Connection.java:784)
> at java.lang.Thread.run(Thread.java:595)
>
> Raymond Walker
> Software Systems Engineer Sr.
> ITS Northern Arizona University
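
The retry-on-CommunicationException approach described in the reply above, as an added example that is not part of the original message and is not ldappc or vt-ldap code. The names `LdapRetryDemo`, `LdapOp` and `withRetry` are hypothetical, and the two operations in `main` are constructed stand-ins so the example runs without a directory server; a real operation is assumed to open or reuse its own context.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

public class LdapRetryDemo {
    /** One LDAP operation, for example a search on a directory context. */
    interface LdapOp<T> { T run() throws NamingException; }

    /**
     * Runs op and repeats it up to maxRetries more times, but only when the
     * connection itself failed (CommunicationException). Any other
     * NamingException, such as a rejected bind, is rethrown immediately so a
     * bad password is not replayed against the directory's lockout counter.
     */
    static <T> T withRetry(LdapOp<T> op, int maxRetries, long backoffMillis)
            throws NamingException, InterruptedException {
        for (int attempt = 0; ; attempt++) {
            try {
                return op.run();
            } catch (CommunicationException e) {
                if (attempt >= maxRetries) throw e;   // retries exhausted
                System.err.println("retry " + (attempt + 1) + ": " + e.getMessage());
                Thread.sleep(backoffMillis * (attempt + 1));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        int[] calls = {0};
        // Constructed stand-in for a search whose connection is reset once.
        LdapOp<String> flakySearch = () -> {
            if (calls[0]++ == 0) throw new CommunicationException("Connection reset");
            return "search completed on attempt " + calls[0];
        };
        System.out.println(withRetry(flakySearch, 1, 100));

        int[] binds = {0};
        // Constructed stand-in for a bind with wrong credentials.
        LdapOp<String> badBind = () -> {
            binds[0]++;
            throw new AuthenticationException("invalid credentials");
        };
        try {
            withRetry(badBind, 3, 100);
        } catch (AuthenticationException e) {
            System.out.println("bind attempted " + binds[0] + " time(s), not retried");
        }
    }
}
```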