
LDAP synchronisation failing on 4.2.e

Question asked by sharifu on Jan 13, 2014
I have 2 servers currently running 4.2.c with LDAP synchronisation, which run fine. In my test environment I created 3 servers. I upgraded the current two to the latest version, 4.2.e; the 3rd server is a fresh install. Both the current 2 test servers will replicate themselves to the 3rd server. All settings are the same as the fully functional 4.2.c settings, and the new test server, 4.2.e, works fine. However, the fresh install of 4.2.e fails LDAP synchronization every now and then.


2014-01-14 00:00:00,043  DEBUG [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Running a full sync.
2014-01-14 00:00:00,045  DEBUG [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] deletions are allowed
2014-01-14 00:00:00,137  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronizing users and groups with user registry 'ldap1'
2014-01-14 00:00:00,138  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Full synchronization with user registry 'ldap1'
2014-01-14 00:00:00,138  WARN  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Some users and groups previously created by synchronization with this user registry may be removed.
2014-01-14 00:00:00,150  INFO  [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving all groups from user registry 'ldap1'
2014-01-14 00:00:00,158  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9] Processing query
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9] Search base: cn=users,dc=domain,dc=com
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]     Return result limit: 0
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]     DerefLink: false
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]     Return named object: false
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]     Time limit for search: 0
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]     Attributes to return: 4 items.
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]         Attribute: cn
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]         Attribute: displayName
2014-01-14 00:00:00,159  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]         Attribute: member;range=0-999
2014-01-14 00:00:00,160  DEBUG [sync.ldap.LDAPUserRegistry] [DefaultScheduler_Worker-9]         Attribute: whenChanged
2014-01-14 00:00:00,169  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 00140024 Error during LDAP Search. Reason:echo.uk.domain.com:389; socket closed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1242)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:685)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:969)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:714)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.ServiceUnavailableException: echo.uk.domain.com:389; socket closed; remaining name 'cn=users,dc=domain,dc=com'
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1229)
   … 8 more
2014-01-14 00:00:00,196  ERROR [security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 00140024 Error during LDAP Search. Reason:echo.uk.domain.com:389; socket closed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1242)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:685)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:969)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:714)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.ServiceUnavailableException: echo.uk.domain.com:389; socket closed; remaining name 'cn=users,dc=domain,dc=com'
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1229)
   … 8 more
2014-01-14 00:00:00,201  ERROR [quartz.core.JobRunShell] [DefaultScheduler_Worker-9] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 00140024 Error during LDAP Search. Reason:echo.uk.domain.com:389; socket closed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1242)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:685)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:969)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:714)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: javax.naming.ServiceUnavailableException: echo.uk.domain.com:389; socket closed; remaining name 'cn=users,dc=domain,dc=com'
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1229)
   … 8 more
2014-01-14 00:00:00,202  ERROR [quartz.core.ErrorLogger] [DefaultScheduler_Worker-9] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.error.AlfrescoRuntimeException: 00140024 Error during LDAP Search. Reason:echo.uk.domain.com:389; socket closed]
   at org.quartz.core.JobRunShell.run(JobRunShell.java:227)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00140024 Error during LDAP Search. Reason:echo.uk.domain.com:389; socket closed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1242)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:685)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:969)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:714)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob$1.doWork(UserRegistrySynchronizerJob.java:51)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.security.sync.UserRegistrySynchronizerJob.execute(UserRegistrySynchronizerJob.java:47)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   … 1 more
Caused by: javax.naming.ServiceUnavailableException: echo.uk.domain.com:389; socket closed; remaining name 'cn=users,dc=domain,dc=com'
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:452)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:631)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:554)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1229)
   … 8 more







Properties file, which all servers have:


### AD SSO
authentication.chain=passthru1:passthru,ldap1:ldap-ad
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://echo.uk.domain.com:389
ldap.synchronization.java.naming.security.authenticaton=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.com
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.userSearchBase=ou\=Sites,dc\=domain,dc\=com
synchronization.synchronizeChangesOnly=false
### synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
passthru.authentication.domain=DOMAIN
passthru.authentication.servers=DOMAIN\\echo.uk.domain.com,DOMAIN\\akutan.usa.domain.com
passthru.authentication.defaultAdministratorUserNames=administrator,alfresco,sharifu

ldap.synchronization.queryBatchSize=1000
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=com
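
Added example (not part of the original post and not Alfresco code): a short Python review of a properties file like the one above, independent of the socket-closed error. It flags near-miss spellings of the JNDI key suffixes, a simple bind over plain `ldap://`, and a sync principal named administrator. The names `parse_properties`, `audit`, `JNDI_NAMES` and the 0.9 similarity cutoff are assumptions of this example.

```python
import difflib
import re

# Standard JNDI environment names that the posted keys carry as suffixes.
JNDI_NAMES = ["java.naming." + s for s in (
    "factory.initial", "provider.url", "security.authentication",
    "security.principal", "security.credentials")]

# Constructed sample: five lines copied from the properties file in the post.
SAMPLE = r"""
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://echo.uk.domain.com:389
ldap.synchronization.java.naming.security.authenticaton=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.com
ldap.synchronization.userSearchBase=ou\=Sites,dc\=domain,dc\=com
"""

def parse_properties(text):
    """Parse key=value lines, skipping comments and unescaping values."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = re.sub(r"\\([=:\\])", r"\1", value.strip())
    return props

def audit(props):
    """Return (key, finding) tuples for the three checks described above."""
    out = []
    for key in props:
        m = re.match(r"ldap\.(?:authentication|synchronization)\.(java\.naming\..+)", key)
        if m and m.group(1) not in JNDI_NAMES:
            near = difflib.get_close_matches(m.group(1), JNDI_NAMES, n=1, cutoff=0.9)
            if near:
                out.append((key, "unrecognised key, did you mean '%s'?" % near[0]))
    auth = "ldap.authentication.java.naming."
    url = props.get(auth + "provider.url", "")
    if url.lower().startswith("ldap://") and props.get(auth + "security.authentication") == "simple":
        out.append((auth + "provider.url", "simple bind over ldap:// exposes the bind password on the wire"))
    key = "ldap.synchronization.java.naming.security.principal"
    if props.get(key, "").split("@")[0].lower() == "administrator":
        out.append((key, "sync binds as administrator; prefer a dedicated read-only account"))
    return out

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(key, "->", finding)
```
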
