LDAP sync with multiple subsytems connection timeout

cancel
Showing results for 
Search instead for 
Did you mean: 
booltrue
Member II

LDAP sync with multiple subsytems connection timeout

Jump to solution

I am using alfresco Community - 5.1.0 (r127059-b7)

and synchronizing currently 4 ldap subsytems ad1,ad2,ad3,ad4.

ad1 is our domain, ad2,ad3,ad4 is not our domain.

From time to time I get a connection timeout from a subsytem.

Synchronization and authentication, both work so far.

I also tried to increase the timeout value, also to infinitely,

but without any effect.

thx for your help

properties for ldap ad2:

ldap.authentication.active=true
ldap.authentication.java.naming.read.timeout=0
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@a.b.c
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://33.333.33.333:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=admin@a.b.c
ldap.synchronization.java.naming.security.credentials=Alfresco123
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(&(objectclass\=group)(CN\=TESTGROUP))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(CN\=TESTGROUP))
ldap.synchronization.personQuery=(&(objectclass\=user)(memberOf=CN\=TESTGROUP,OU\=OUR GROUPS,DC\=a,DC\=b,DC\=c)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(memberOf=CN\=TESTGROUP,OU\=OUR GROUPS,DC\=a,DC\=b,DC\=c)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.groupSearchBase=DC\=a,DC\=b,DC\=c
ldap.synchronization.userSearchBase=DC\=a,DC\=b,DC\=c
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true

alfresco-global.properties:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ad1:ldap-ad,ad2:ldap-ad,ad3ldap-ad,ad4:ldap-ad
synchronization.synchronizeChangesOnly=true
synchronization.syncWhenMissingPeopleLogIn=false
synchronization.autoCreatePeopleOnLogin=false
synchronization.authCreatePeopleOnLogin=false
synchronization.syncOnStartup=true
synchronization.import.cron=0 0/15 * ? * *

alfresco.log:

2017-06-29 12:45:00,203 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ad1'
2017-06-29 12:45:00,203 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Full synchronization with user registry 'ad1'
2017-06-29 12:45:00,203 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2017-06-29 12:45:00,218 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving groups changed since 21.06.2017 14:34:21 from user registry 'ad1'
2017-06-29 12:45:00,234 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=1 Group Analysis: Commencing batch of 1 entries
2017-06-29 12:45:00,250 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=1 Group Analysis: Processed 1 entries out of 1. 100% complete. Rate: 62 per second. 0 failures detected.
2017-06-29 12:45:00,250 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=1 Group Analysis: Completed batch of 1 entries
2017-06-29 12:45:00,265 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving users changed since 29.06.2017 11:35:19 from user registry 'ad1'
2017-06-29 12:45:00,265 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=6 User Creation and Association: Commencing batch of 17 entries
2017-06-29 12:45:00,312 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=6 User Creation and Association: Processed 17 entries out of 17. 100% complete. Rate: 361 per second. 0 failures detected.
2017-06-29 12:45:00,312 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad1,id2=6 User Creation and Association: Completed batch of 17 entries
2017-06-29 12:45:00,312 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Finished synchronizing users and groups with user registry 'ad1'
2017-06-29 12:45:00,312 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] 7 user(s) and 1 group(s) processed
2017-06-29 12:45:00,328 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ad2'
2017-06-29 12:45:00,328 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Full synchronization with user registry 'ad2'
2017-06-29 12:45:00,328 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2017-06-29 12:45:00,343 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving groups changed since 27.06.2017 15:08:13 from user registry 'ad2'
2017-06-29 12:45:21,466 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-3] Failed to resolve member of group 'TESTGROUP' with distinguished name: CN=TESTUSER,OU=OUR USERS,OU=OUR GROUPS,DC=A,DC=B,DC=C
javax.naming.CommunicationException: A.B.C:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_getAttributes(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)
    at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.doProcess(LDAPUserRegistry.java:803)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$AbstractSearchCallback.process(LDAPUserRegistry.java:1834)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1287)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:691)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:973)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:719)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:448)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: java.net.ConnectException: Connection timed out: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(Unknown Source)
    at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Unknown Source)
    at com.sun.jndi.ldap.pool.Connections.get(Unknown Source)
    at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Unknown Source)
    at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(Unknown Source)
    at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
    at javax.naming.spi.NamingManager.processURL(Unknown Source)
    at javax.naming.spi.NamingManager.processURLAddrs(Unknown Source)
    at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
    ... 18 more
2017-06-29 12:45:24,274 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=1 Group Analysis: Commencing batch of 1 entries
2017-06-29 12:45:24,274 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=1 Group Analysis: Processed 1 entries out of 1. 100% complete. 0 failures detected.
2017-06-29 12:45:24,274 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=1 Group Analysis: Completed batch of 1 entries
2017-06-29 12:45:24,368 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving users changed since 28.06.2017 16:00:38 from user registry 'ad2'
2017-06-29 12:45:24,399 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=6 User Creation and Association: Commencing batch of 1 entries
2017-06-29 12:45:24,524 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=6 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 8 per second. 0 failures detected.
2017-06-29 12:45:24,524 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad2,id2=6 User Creation and Association: Completed batch of 1 entries
2017-06-29 12:45:24,524 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Finished synchronizing users and groups with user registry 'ad2'
2017-06-29 12:45:24,524 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] 1 user(s) and 1 group(s) processed
2017-06-29 12:45:24,539 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ad3'
2017-06-29 12:45:24,539 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Full synchronization with user registry 'ad3'
2017-06-29 12:45:24,539 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2017-06-29 12:45:24,539 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving groups changed since 31.01.2017 19:26:46 from user registry 'ad3'
2017-06-29 12:45:37,097 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=1 Group Analysis: Commencing batch of 2 entries
2017-06-29 12:45:37,097 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=1 Group Analysis: Processed 2 entries out of 2. 100% complete. 0 failures detected.
2017-06-29 12:45:37,097 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=1 Group Analysis: Completed batch of 2 entries
2017-06-29 12:45:40,857 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving users changed since 29.06.2017 12:20:28 from user registry 'ad3'
2017-06-29 12:45:42,745 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=6 User Creation and Association: Commencing batch of 22 entries
2017-06-29 12:45:44,632 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=6 User Creation and Association: Processed 22 entries out of 22. 100% complete. Rate: 11 per second. 0 failures detected.
2017-06-29 12:45:44,632 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad3,id2=6 User Creation and Association: Completed batch of 22 entries
2017-06-29 12:45:44,648 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Finished synchronizing users and groups with user registry 'ad3'
2017-06-29 12:45:44,648 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] 9 user(s) and 2 group(s) processed
2017-06-29 12:45:44,663 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronizing users and groups with user registry 'ad4'
2017-06-29 12:45:44,663 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Full synchronization with user registry 'ad4'
2017-06-29 12:45:44,663 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Some users and groups previously created by synchronization with this user registry may be removed.
2017-06-29 12:45:44,663 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving groups changed since 16.06.2017 08:01:58 from user registry 'ad4'
2017-06-29 12:46:37,189 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=1 Group Analysis: Commencing batch of 1 entries
2017-06-29 12:46:37,205 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=1 Group Analysis: Processed 1 entries out of 1. 100% complete. Rate: 62 per second. 0 failures detected.
2017-06-29 12:46:37,205 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=1 Group Analysis: Completed batch of 1 entries
2017-06-29 12:46:38,344 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Retrieving users changed since 29.06.2017 10:32:21 from user registry 'ad4'
2017-06-29 12:46:38,827 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=6 User Creation and Association: Commencing batch of 201 entries
2017-06-29 12:46:39,327 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=6 User Creation and Association: Processed 100 entries out of 201. 50% complete. Rate: 200 per second. 0 failures detected.
2017-06-29 12:46:39,545 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=6 User Creation and Association: Processed 200 entries out of 201. 100% complete. Rate: 278 per second. 0 failures detected.
2017-06-29 12:46:39,779 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=6 User Creation and Association: Processed 201 entries out of 201. 100% complete. Rate: 211 per second. 0 failures detected.
2017-06-29 12:46:39,779 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Synchronization,Category=directory,id1=ad4,id2=6 User Creation and Association: Completed batch of 201 entries
2017-06-29 12:46:39,795 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] Finished synchronizing users and groups with user registry 'ad4'
2017-06-29 12:46:39,795 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-3] 19 user(s) and 1 group(s) processed

1 Solution

Accepted Solutions
afaust
Master

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

There is a documentation error. Setting the timeout to 0 does NOT mean it disables the timeout, it just sets it to the literal value of 0. The Alfresco documentation and comments in the sample configuration files are plainly wrong in this instance.

This affects both Enterprise and Community - incidentally I recently had an Enterprise customer run into a similar issue. The only solution was to increase the timeout.

View solution in original post

12 Replies
booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

Does ldap.authentication.java.naming.read.timeout=0 have any effect in the alfresco community version,

due I sometimes still get connection timeout during synchronization.

afaust
Master

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

There is a documentation error. Setting the timeout to 0 does NOT mean it disables the timeout, it just sets it to the literal value of 0. The Alfresco documentation and comments in the sample configuration files are plainly wrong in this instance.

This affects both Enterprise and Community - incidentally I recently had an Enterprise customer run into a similar issue. The only solution was to increase the timeout.

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

First I tried setting the timeout value to 100000ms, but I got a connection error.

After that I tried to set the timeout value to infinitely with value 0 and -1, I didnt know that it has not the described effect.

But with 100000ms I got a connection error after ~30s too as you can see in the log.

I will try on monday setting the timeout value to 200000ms to see if the connection error appears after the same time.

I thought setting the timeout value to 100000ms for each ldap subsystem would result in a max. waiting time of 100s for each ldap subsystem before a timeout will be received, so I dont understand why the connection error comes before that defined timeout value as you can see in the log.

What is the max allowed value you can set for the timeout value ?

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

I increased the timeout value to 200000, but still get connection error after same time.

After the connection error, synchronization stops and doesn't continue with the next ldap subsystem in the chain.

Only when no connection error occurs during synchronization all ldap subsystems will be processed successfully.

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

Regarding the sync error, I get sometimes the following error, what does it mean ?

Is it also a connection error ?

2017-07-04 13:15:00,234 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronizing users and groups with user registry 'ad2'
2017-07-04 13:15:00,234 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Full synchronization with user registry 'ad2'
2017-07-04 13:15:00,234 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Some users and groups previously created by synchronization with this user registry may be removed.
2017-07-04 13:15:00,250 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving groups changed since 03.07.2017 05:39:48 from user registry 'ad2'
2017-07-04 13:15:00,796 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 06040125 Error during LDAP Search. Reason:null
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1303)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:691)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:973)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:719)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:448)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name '']
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1284)
    ... 9 more
Caused by: javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name ''
    at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    ... 12 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(Unknown Source)
    ... 12 more
2017-07-04 13:15:00,874 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 06040125 Error during LDAP Search. Reason:null
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1303)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:691)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:973)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:719)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:448)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name '']
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1284)
    ... 9 more
Caused by: javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name ''
    at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    ... 12 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(Unknown Source)
    ... 12 more
2017-07-04 13:15:00,889 ERROR [org.quartz.core.JobRunShell] [DefaultScheduler_Worker-9] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 06040125 Error during LDAP Search. Reason:null
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1303)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:691)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:973)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:719)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:448)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name '']
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1284)
    ... 9 more
Caused by: javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name ''
    at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    ... 12 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(Unknown Source)
    ... 12 more
2017-07-04 13:15:00,889 ERROR [org.quartz.core.ErrorLogger] [DefaultScheduler_Worker-9] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.error.AlfrescoRuntimeException: 06040125 Error during LDAP Search. Reason:null]
    at org.quartz.core.JobRunShell.run(JobRunShell.java:227)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 06040125 Error during LDAP Search. Reason:null
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1303)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:691)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:973)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronizeInternal(ChainingUserRegistrySynchronizer.java:719)
    at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:448)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:46)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
    at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:42)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
    ... 1 more
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name '']
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(Unknown Source)
    at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1284)
    ... 9 more
Caused by: javax.naming.ServiceUnavailableException: DomainDnsZones.a.b.c:389; socket closed [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name '']; remaining name ''
    at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(Unknown Source)
    ... 12 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(Unknown Source)
    ... 12 more

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

I still get the same error from time to time.

Can anybody please explain what does this error mean ?

Thanx.

afaust
Master

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

The term "ServiceUnavailableException" appears to sum it up. For some reason or another, your LDAP system appears to be disconnecting / not connected to the network at some times. Increasing the timeout will improve nothing if there is a legitimate connection issue. In similar cases and when customers insist on "but our network is working perfectly" I usually recommend setting up a small verification script / tool that constantly tries to connect to the system in question (every couple of seconds/minutes) and reports via log file if that succeeded. In most cases people will see that - independent of Alfresco - there is a networking issue and the tool fails to connect for a specific amount of time every couple of days.

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

Sorry for my late reply.

I am just testing the ldap connections of several domains with some services, to see if there occurs a network error on domain side,

or there is an error on Alfresco side.

I had to figure out the trigger time of the services to get the timeout error at the same time as it occurs in Alfresco.

First I used 2 min, but I couldnt fetch the error at same time it occurs on Alfresco side.

I changed now to 30 s, let's see what happens.

I will let you know.

booltrue
Member II

Re: LDAP sync with multiple subsytems connection timeout

Jump to solution

During that weekend occured a connection timout on Alfresco side:

2017-07-15 18:00:00,131 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-6] Synchronization aborted due to error

But my service, that is triggering all 30s didn't fetch it:

15.07.2017 17:59:41

15.07.2017 18:00:11
15.07.2017 18:00:41

My service synchronized the same group and all the users properly.

No errors occured !