[ https://issues.apache.org/jira/browse/AMBARI-22642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David F. Quiroga reassigned AMBARI-22642:
-----------------------------------------

    Assignee: David F. Quiroga

> LDAPS sync Connection Refused
> ------------------------------
>
> Key: AMBARI-22642
> URL: https://issues.apache.org/jira/browse/AMBARI-22642
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.5.0
> Environment: java version "1.8.0_121"
> Java(TM) SE Runtime Environment (build 1.8.0_121-tdc1-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
> AD Domain Controllers
> LDAP v.3
> 2012 R2 OS
> Reporter: David F. Quiroga
> Assignee: David F. Quiroga
> Priority: Minor
> Labels: easyfix, patch
> Attachments: ambari-22642.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Ambari server configured to use "secure" ldap authentication.
> authentication.ldap.primaryUrl=********:636
> authentication.ldap.useSSL=true
> We call the ldap_sync_events REST endpoint frequently to synchronize existing groups and a specific list of groups. We had no issues with this until mid-October at which point we began to see:
> {code}
> "status" : "ERROR",
> "status_detail" : "Caught exception running LDAP sync. simple bind failed: **********:636; nested exception is javax.naming.CommunicationException: simple bind failed: **********:636 [Root exception is java.net.SocketException: Connection reset]",
> {code}
> Troubleshooting:
> * We saw random success and failure when attempting to sync a single group.
> * With useSSL=false and an updated port ldap sync was consistently successful.
> Cause:
> * By default, ldap connection only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets.
> * Around mid-October we increased the number of groups defined on the system (50+), this pushed us outside the "safe zone".
> Fix:
> Enable the SSL connections pooling by adding the below argument to startup options.
> -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'
> Reference:
> [https://confluence.atlassian.com/jirakb/connecting-jira-to-active-directory-over-ldaps-fails-with-connection-reset-763004137.htm]
> [https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html]
>

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
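
The pooling rule from the "Cause" and "Fix" sections above, as an added example that is not code from the reporter, the attached patch, or Ambari. It models the rule documented in the JNDI tutorial rather than reproducing the JDK's implementation; `LdapsPoolCheck`, `poolEligible` and the host `ad.example.test` are hypothetical names constructed for illustration.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;

public class LdapsPoolCheck {
    // JVM-wide system property named in the report; the JNDI tutorial gives its default as "plain".
    static final String POOL_PROTOCOL = "com.sun.jndi.ldap.connect.pool.protocol";
    // Per-context environment property that requests pooling for one connection.
    static final String POOL_ENABLE = "com.sun.jndi.ldap.connect.pool";

    /** Simplified model of the documented rule (assumption: custom socket factories are ignored). */
    static boolean poolEligible(Hashtable<String, Object> env, String poolProtocols) {
        if (!"true".equalsIgnoreCase(String.valueOf(env.get(POOL_ENABLE)))) {
            return false; // pooling was never requested for this context
        }
        String url = String.valueOf(env.get(Context.PROVIDER_URL)).toLowerCase();
        // An ldaps:// URL or java.naming.security.protocol=ssl makes this an "ssl" connection.
        boolean ssl = url.startsWith("ldaps:")
                || "ssl".equalsIgnoreCase(String.valueOf(env.get(Context.SECURITY_PROTOCOL)));
        // The property holds a space-separated list of protocol types that may be pooled.
        String allowed = (poolProtocols == null) ? "plain" : poolProtocols;
        return Arrays.asList(allowed.trim().split("\\s+")).contains(ssl ? "ssl" : "plain");
    }

    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ad.example.test:636"); // constructed host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(POOL_ENABLE, "true");

        // Value this JVM was actually started with (null unless the -D option was passed).
        String current = System.getProperty(POOL_PROTOCOL);
        System.out.println(POOL_PROTOCOL + " = " + current);
        System.out.println("pooled in this JVM:      " + poolEligible(env, current));
        System.out.println("pooled with the default: " + poolEligible(env, null));
        System.out.println("pooled with 'plain ssl': " + poolEligible(env, "plain ssl"));
    }
}
```

Run it with the same `-D` option as the server to confirm the value reaches the JVM; the pool settings are system properties, so putting them in the context environment has no effect.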