Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAPPC failures with AD

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAPPC failures with AD

Chronological Thread 
  • From: Tom Zeller <>
  • To: Raymond D Walker <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] LDAPPC failures with AD
  • Date: Tue, 17 Nov 2009 15:53:57 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=Ihn1Z7gCI6sBWExUl3Y06Ielbd/cp2JLd02/hxvFNW3SrpymJQ10Vg8NWuPBHWHxcr uUfGHNOqbySm4u53uX2/P+g5MYiZ5HX2YNl74quCbMDmrZQFX+EJlQkoopGKqsK1MRdC T4Z7nieZ8aAPmJV7C2QnjLwI4kj4VX6dc+tyg=

We definitely encountered Active Directory connection timeouts at
Memphis using the JNDI LdapContext. The fix was simply to try the
failed ldap operation again upon CommunicationException. With v1.5.0,
ldappc uses vt-ldap which has a configurable number of retries, the
default is 1.

Ldappc opens an ldap connection at the beginning of provisioning, and
closes it at the end. So, a single connection is maintained during one
provisioning run.

I hope to support vt-ldap pools in the next version of ldappc, which
will provide even better connection handling.

Also, ldappc v1.5.0 with vt-ldap provides better support for Active
Directory including paging and "range attribute" handling for groups
with a large (>1500) number of members


> I'm just throwing this out there to see if anyone else is experiencing
> something similar when provisioning to AD. We get VERY sporadic provisioner
> failures only with our Active Directory provisioning (we run two instances
> of the provisioner, one to SunOne LDAP and the other to AD.) Although the
> failure doesn't cause much ruckus, as we restart the process automatically,
> and no data disappears in AD, I would like to resolve this issue. AD
> seemingly resets the connection for whatever reason. In talking with our AD
> admins, there are no correlating issues on their side (no DC's are down, or
> reporting issues at or near the indicated time.)
> Some questions do come up though, does LDAPPC try to keep a connection
> alive indefinitely, or does it stop and start connections in a particular
> manner?
> Here's an example of the error log right before LDAPPC crashes:
> 2009-11-17 03:05:29,466: [Timer-0] FATAL ErrorLog.fatal(122) -
> [edu.internet2.middleware.ldappc.LdappcGrouperProvisioner] Grouper
> Provision Failed: Connection reset, javax.naming.CommunicationException:
> Connection reset [Root exception is Connection
> reset]; remaining name 'ou=Enterprise Groups,dc=froot,dc=nau,dc=edu'
>        at com.sun.jndi.ldap.LdapCtx.doSearch(
>        at com.sun.jndi.ldap.LdapCtx.searchAux(
>        at com.sun.jndi.ldap.LdapCtx.c_search(
>        at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(
>        at
>        at
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.clearRoot(
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer.initialize(
>        at
> edu.internet2.middleware.ldappc.synchronize.GroupSynchronizer.synchronize(
>        at
> edu.internet2.middleware.ldappc.GrouperProvisioner.provisionGroups(
>        at
> edu.internet2.middleware.ldappc.GrouperProvisioner.provision(
>        at
> edu.internet2.middleware.ldappc.LdappcGrouperProvisioner.provisionGroups(
>        at
>        at java.util.TimerThread.mainLoop(
>        at
> Caused by: Connection reset
>        at
>        at
>        at
>        at
>        at
>        at
> Raymond Walker
> Software Systems Engineer Sr.
> ITS Northern Arizona University

  • LDAPPC failures with AD, Raymond D Walker, 11/17/2009
    • Re: [grouper-users] LDAPPC failures with AD, Tom Zeller, 11/17/2009

Archive powered by MHonArc 2.6.16.

Top of Page