on 07-04-2016 3:47 PM
hello,
I reach the following problem.
On BI4.1 sp6 (server Linux), I meet time out on launchpad authentication page.
No user can connect when this occures.
At this moment if i go on the CMC and ask for a refresh of all ldap users, people can connect to the launchpad again.
My configuration is as follow :
Authentification tier via Ldap, ldap dynamic groups,
If people try to authenticate via enterprise logging, it works.
My referentiel is DB2 (tier)
As anyone ever met this kind of behaviour ?
Best regards .
Raoul K.
Hi Raoul,
Is there any firewalls between your CMS and/or Java web application server and your LDAP servers?
If yes, some timeouts on inactive session may occurs.
It can also happen with other network equipment that does some addresses translation .
CMS keeps a permanent connection to LDAP server..
Scheduling LDAP update is a good workaround if you cannot find quickly the root cause.
Scheduling an authentication probe that uses ldap authentication is a better one as you could receive a mail if it fails or if it's too slow.
Regards,
jean-Luc
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
it seems strange..looks like connectivity problem.. it there any timeout set in LDAP server?
new users not are populated in BO so we wrote JAVA SDK and scheduled as program job to update LDAP so that it will rebuild the LDAP tree.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
we used java SDK as a program job in 3.1. LDAP users update feature was not available in 3.1 🙂
normally, if the user not able to login(LDAP authentication) then BO is not able to connect with LDAP server to check the credentials but we should see 'not able reach LDAP server' error message.
I guess this issue is related to LDAP tree with SecLDAP.dll. try to enable trace and see if you can catch any details. generally, intermittent issue is difficult to resolve 🙂
Where do you see "'not able reach LDAP server' error message ? In a dialog box or in logs ?
I have the same problem when i try to get the list of users in CMC/users. Almost all my users are imported from ldap. When i try to get this list , i got this message in a dialog box :
"An unexpected error occured when decoding JSF component {0}."
At this moment, if i update ldap users via CMC/authentication/ldap/update , i get my list a few seconds after.
I guess this issue is related to LDAP tree with SecLDAP.dll. try to enable trace and see if you can catch any details. generally, intermittent issue is difficult to resolve 🙂
I tried to tcpdump connections between ldap and BI4.1 and between BI4.1 and the db2 referentiel.
It's clear that connections seem lazy between ldap and BI4.1 (but is it perhaps normal) and verbose during and after update. But before update, the BI4.1 and the ldap server communicate :
Below is a short extrait of tcpdump between boxi-rct (BI4.1) and ldapr1 :
boxi-rct.in.ac-rennes.fr.45737 > ldapr1.ac-rennes.fr.ldap: Flags [P.], cksum 0x1e9d (incorrect -> 0xbcf5), seq 15:94, ack 15, win 115, options [nop,nop,TS val 283659523 ecr 652485228], length 79
E...e.@.@.....V...C.......(...K^...s.......
..M.&."l0M...cH.%ou=ac-rennes,ou=education,o=gouv,c=fr
..
...............uid..*****.
14:23:20.470004 IP (tos 0x0, ttl 62, id 26943, offset 0, flags [DF], proto TCP (6), length 1500)
ldapr1.ac-rennes.fr.ldap > boxi-rct.in.ac-rennes.fr.45737: Flags [.], cksum 0x44e7 (correct), seq 15:1463, ack 94, win 1448, options [nop,nop,TS val 652485234 ecr 283659523], length 1448
E...i?@.>.....C...V.......K^..).....D......
&."r..M.0......d..y.Buid=*****,ou=personnels EN,ou=ac-rennes,ou=education,o=gouv,c=fr0..10...mailDeliveryOption1 ..mailbox0,..mailForwardingAddress1...******...mailMessageStore1 ..part****'..mailHost1...****.in.ac-rennes.fr0...mailUserStatus1...active0..
..theme_green0...dermaj1..
ps : i got a lot of cksum incorrect ...
The message "an unexpected error occured when decoding JSF component {0}' while trying to get AD or LDAP user list is clearly a communication failure.
when clicking on Update, the communication is restored and then it works again.
As it never happen on production system but only on that one, this could be because there is a lot less activity on that one.
Have you got an idea when the last logon happened before that problem occurs?
CMS opens a connection to ldap when it starts, and keep it open all its life.
The only place were it reopen it if it has been broken is when you update the LDAP tree (scheduled or manually).
Hello Jean-Luc
I was wrong when i said that i have on the same network a cluster of 2 BI servers (production) wich communicate with the same ldap server and do not have the same behaviour at all ; these 2 servers make ldap update every hour.
I will soon try a tcp.keep.alive to try to bypass a loss of activity that a firewall could diagnose and close connection.
Raoul
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.