Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1942

Investigate AD Connectivity issues

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Not a bug
    • None
    • None
    • None
    • AD 2003

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      After our 2.0 release, the javax.naming.ServiceUnavailableException has become more common.

      As a workaround we've been suggesting the following configuration in the Crowd JAVA_OPTS (apache-tomcat/bin/setenv.sh).

      -Dcom.sun.jndi.ldap.connect.pool.timeout=3

      The fact that it has been working, points that the problem may be in the connection pool (or connections individually).

      Another workaround that solved the problem was to start 'TCPMon' on AD-Server and listens on port 390 and pass the data to port 389 (use x.x.x.x:390 as URL in the Crowd-Directory Setup).

      Unfortunately, I couldn't reproduce the problem locally.

            [CWD-1942] Investigate AD Connectivity issues

            Renata Dornelas made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 121343 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3363767 ] New: JAC Suggestion Workflow 3 [ 3627372 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1509907 ] New: JAC Suggestion Workflow [ 3363767 ]
            Issue Type Original: Task [ 3 ] New: Suggestion [ 10000 ]
            Owen made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1392437 ] New: Simplified Crowd Development Workflow v2 - restricted [ 1509907 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 273770 ] New: Simplified Crowd Development Workflow v2 [ 1392437 ]
            David Di Blasio made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 121343 ]
            joe made changes -
            Resolution New: Not a bug [ 12 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            jawong.adm made changes -
            Workflow Original: JIRA Bug Workflow v2 [ 212294 ] New: Crowd Development Workflow v2 [ 273770 ]

            Renan Battaglin added a comment -

            Hi Adam,

            After handling some support issues reporting the exact same symptom (javax.naming.ServiceUnavailableException), we concluded that the issue is happening because the searches are timing-out in AD. Version 2.0.7 still need to have the timeout set at the JAVA_OPTS variable (workaround described above).

            Crowd 2.1 and newer versions will have a timeout option in the Active Directory Connector UI to allow administrators to adapt Crowd to their AD needs.

            From our observations, we concluded that the timeout may happen if:
            1. The DC to which Crowd is connecting to is too big (huge number of users/groups), causing the LDAP query to be very expensive for AD.
            2. Crowd is connecting to distributed DCs located in different physical locations, causing a search to depend on the communication latency between DCs.
            3. The AD server query timeout is set to be very small.

            Cheers,
            Renan

            Renan Battaglin added a comment - Hi Adam, After handling some support issues reporting the exact same symptom (javax.naming.ServiceUnavailableException), we concluded that the issue is happening because the searches are timing-out in AD. Version 2.0.7 still need to have the timeout set at the JAVA_OPTS variable (workaround described above). Crowd 2.1 and newer versions will have a timeout option in the Active Directory Connector UI to allow administrators to adapt Crowd to their AD needs. From our observations, we concluded that the timeout may happen if: 1. The DC to which Crowd is connecting to is too big (huge number of users/groups), causing the LDAP query to be very expensive for AD. 2. Crowd is connecting to distributed DCs located in different physical locations, causing a search to depend on the communication latency between DCs. 3. The AD server query timeout is set to be very small. Cheers, Renan

            AW added a comment -

            Is this issue resolved in a later version of Crowd? The release notes don't indicate that it is, so I'm guessing it was somehow fixed indirectly? Is this still a problem for the latest version 2.0.7?

            AW added a comment - Is this issue resolved in a later version of Crowd? The release notes don't indicate that it is, so I'm guessing it was somehow fixed indirectly? Is this still a problem for the latest version 2.0.7?

              Unassigned Unassigned
              rbattaglin Renan Battaglin
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: