ambari-issues mailing list archives

From "Hadoop QA (JIRA)" <>
Subject [jira] [Commented] (AMBARI-22642) LDAPS sync Connection Refused
Date Wed, 13 Dec 2017 21:08:00 GMT


Hadoop QA commented on AMBARI-22642:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:red}-1 release audit{color}.  The applied patch generated 1 release audit warnings.

    {color:red}-1 javac{color}.  The patch appears to cause the [build to fail|].

Release audit warnings:
Console output:

This message is automatically generated.

> LDAPS sync Connection Refused 
> ------------------------------
>                 Key: AMBARI-22642
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.5.0
>         Environment: java version "1.8.0_121"
> Java(TM) SE Runtime Environment (build 1.8.0_121-tdc1-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
> AD Domain Controllers 
> LDAP v.3
> 2012 R2 OS 
>            Reporter: David F. Quiroga
>            Priority: Minor
>              Labels: easyfix, patch
>         Attachments: ambari-22642.patch
>   Original Estimate: 24h
>  Remaining Estimate: 24h
> Ambari server configured to use "secure" ldap authentication. 
> authentication.ldap.primaryUrl=********:636
> authentication.ldap.useSSL=true
> We call the ldap_sync_events REST endpoint frequently to synchronize existing groups and a specific list of groups.  We had no issues with this until mid-October at which point we began to see:
> {code}
>     "status" : "ERROR",
>     "status_detail" : "Caught exception running LDAP sync. simple bind failed: **********:636; nested exception is javax.naming.CommunicationException: simple bind failed: **********:636 [Root exception is Connection reset]",
> {code}
> Troubleshooting: 
> * We saw random success and failure when attempting to sync a single group. 
> * With useSSL=false and an updated port ldap sync was consistently successful.
> Cause:
> * By default, ldap connection only uses pooled connections when connecting to a directory server over LDAP. Enabling SSL causes it to disable the pooling, resulting in poorer performance and failures due to connection resets. 
> * Around mid-October we increased the number of groups defined on the system (50+), this pushed us outside the "safe zone".
> Fix:
> Enable the SSL connections pooling by adding the below argument to startup options.
> -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'
> Reference: 
> []
> []

This message was sent by Atlassian JIRA
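
A check for the configuration described in the issue above, as an added example that is not part of the original message or of Ambari's code: it reports whether LDAPS connections will be pooled for a given `ambari.properties` text and JVM argument string, including the case where the quotes around `'plain ssl'` are lost and the shell splits off `ssl`. Function names and sample values are constructed; the `plain` default for the pool protocol property and the "later `-D` overrides earlier" behaviour are assumptions.

```python
import shlex

POOL_PROP = "com.sun.jndi.ldap.connect.pool.protocol"
JNDI_DEFAULT = "plain"  # assumed JDK default: only non-SSL connections are pooled

def parse_properties(text):
    """Parse key=value lines of a Java-style properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def pooled_protocols(jvm_args):
    """Protocols the JVM will pool, with the args split the way a POSIX shell would."""
    value = JNDI_DEFAULT
    for token in shlex.split(jvm_args):
        if token.startswith("-D" + POOL_PROP + "="):
            value = token.split("=", 1)[1]  # assumption: a later -D overrides an earlier one
    return set(value.split())

def check_ldaps_pooling(properties_text, jvm_args):
    """Return (ok, message) for the useSSL / pool.protocol combination."""
    props = parse_properties(properties_text)
    if props.get("authentication.ldap.useSSL", "false").lower() != "true":
        return True, "useSSL is not enabled; the default pool covers plain LDAP"
    pooled = pooled_protocols(jvm_args)
    if "ssl" in pooled:
        return True, "LDAPS connections are pooled"
    return False, "useSSL=true but pooled protocols are %s" % sorted(pooled)

# Constructed sample input: hostname and argument strings are placeholders.
SAMPLE_PROPERTIES = """\
authentication.ldap.primaryUrl=ldap.example.com:636
authentication.ldap.useSSL=true
"""
QUOTED = "-Xmx2048m -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'"
UNQUOTED = "-Xmx2048m -Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

if __name__ == "__main__":
    for label, args in (("no flag", "-Xmx2048m"), ("quoted", QUOTED), ("unquoted", UNQUOTED)):
        print(label, check_ldaps_pooling(SAMPLE_PROPERTIES, args))
```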
