Wednesday, December 11, 2013

OpenAM 11.0.0 Upgrade - Persistent Search Error

In OpenAM 11, the Identity Repository (IdRepo) implementation has been revamped. The new implementation uses the OpenDJ LDAP SDK to perform LDAP operations.

(If you want to know more about IdRepo, read Peter's blog post, Identity Repositories. He knows IdRepo inside out. :> )





I observed two errors when I configured an external OpenDJ and Microsoft Active Directory as additional Data Stores.



If you are connecting to an external OpenDJ server (e.g. OpenDJ 2.6.0), the following error is frequently displayed in IdRepo:


PersistentSearch:12/11/2013 03:52:06:353 PM SGT: Thread[OpenDJ LDAP SDK Default Scheduler,5,main]
ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat timed out after 500 ms
        at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:163)
        at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:125)
        at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:76)
        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory.newHeartBeatTimeoutError(HeartBeatConnectionFactory.java:1326)
        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory.access$000(HeartBeatConnectionFactory.java:107)
        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory$ConnectionImpl.checkForHeartBeat(HeartBeatConnectionFactory.java:816)
        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory$ConnectionImpl.access$2300(HeartBeatConnectionFactory.java:238)
        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory$1.run(HeartBeatConnectionFactory.java:1103)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
        at java.util.concurrent.FutureTask.run(FutureTask.java:138)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)


Of course, the restart process kicks in immediately:

PersistentSearch:12/11/2013 03:52:06:354 PM SGT: Thread[OpenDJ LDAP SDK Default Scheduler,5,main]
Restarting persistent search connection against: LoadBalancer(Failover(AuthenticatedConnectionFactory(HeartBeatConnectionFactory(LDAPConnectionFactory(xxx.yyy.sg/192.168.x.x:1389)), SimpleBindRequest(name=cn=Directory Manager, authentication=simple, controls=[]))))
PersistentSearch:12/11/2013 03:52:07:378 PM SGT: Thread[SystemTimerPool,5,main]
Starting persistent search against baseDN: dc=azlabs,dc=sg, scope: sub, filter: (objectclass=*), attrs: [dn] against LoadBalancer(Failover(AuthenticatedConnectionFactory(HeartBeatConnectionFactory(LDAPConnectionFactory(xxx.yyy.sg/192.168.x.x:1389)), SimpleBindRequest(name=cn=Directory Manager, authentication=simple, controls=[]))))


If you are connecting to an external Microsoft Active Directory server, the following error is frequently displayed in IdRepo:


PersistentSearch:12/11/2013 04:06:04:265 PM SGT: Thread[OpenDJ LDAP SDK Connection Timeout Checker,5,main]
ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.TimeoutResultException: Client-Side Timeout
        at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:182)
        at com.forgerock.opendj.ldap.AbstractLDAPFutureResultImpl.setResultOrError(AbstractLDAPFutureResultImpl.java:125)
        at com.forgerock.opendj.ldap.AbstractLDAPFutureResultImpl.adaptErrorResult(AbstractLDAPFutureResultImpl.java:114)
        at com.forgerock.opendj.ldap.LDAPConnection.cancelExpiredRequests(LDAPConnection.java:562)
        at com.forgerock.opendj.ldap.TimeoutChecker$2.run(TimeoutChecker.java:92)




Again, the restart process kicks in immediately:

PersistentSearch:12/11/2013 04:06:37:347 PM SGT: Thread[OpenDJ LDAP SDK Connection Timeout Checker,5,main]
Restarting persistent search connection against: LoadBalancer(Failover(AuthenticatedConnectionFactory(HeartBeatConnectionFactory(LDAPConnectionFactory(ad1.XXXX.sg/192.168.xx.yyy:389)), SimpleBindRequest(name=CN=SSO Service Account,CN=Users,DC=XXXX,DC=sg, authentication=simple, controls=[]))))
PersistentSearch:12/11/2013 04:06:38:373 PM SGT: Thread[SystemTimerPool,5,main]
Starting persistent search against baseDN: DC=XXXX,DC=sg, scope: sub, filter: (objectclass=*), attrs: [dn, isDeleted, whenChanged, whenCreated] against LoadBalancer(Failover(AuthenticatedConnectionFactory(HeartBeatConnectionFactory(LDAPConnectionFactory(ad1.XXXX.sg/192.168.xx.yyy:389)), SimpleBindRequest(name=CN=SSO Service Account,CN=Users,DC=XXXX,DC=sg, authentication=simple, controls=[]))))


Why? I do not know. I hope improvements can be made to this.
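
An added example, not part of the original post: in the log entries above, the error entry never names the directory server, only the restart entry that follows it does. This Python sketch pairs each persistent-search error with the next restart entry and counts the cycles per backend and exception; the hostnames, addresses and the elided bind request in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Every entry in the PersistentSearch debug log starts with this header, with or without line breaks.
HEADER = re.compile(r"PersistentSearch:\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3} [AP]M \w+: ")
ERROR = re.compile(r"ERROR: An error occurred while executing persistent search\s*"
                   r"([\w.$]+): ([^\n]*?)(?=\s+at |\s*$)")
RESTART = re.compile(r"Restarting persistent search connection against: "
                     r".*?LDAPConnectionFactory\(([^)]+)\)")

def entries(text):
    starts = [m.start() for m in HEADER.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def restart_causes(text):
    # Remember the last error seen and attribute it to the server named in the next restart entry.
    counts, pending = Counter(), None
    for entry in entries(text):
        err, restart = ERROR.search(entry), RESTART.search(entry)
        if err:
            pending = (err.group(1).rsplit(".", 1)[-1], err.group(2).strip())
        elif restart:
            counts[(restart.group(1), pending or ("unknown", ""))] += 1
            pending = None
    return counts

# Constructed sample modeled on the entries in this post; one cycle flattened, one with line breaks.
HDR = "PersistentSearch:12/11/2013 03:52:06:353 PM SGT: Thread[OpenDJ LDAP SDK Default Scheduler,5,main]"
WRAP = ("Restarting persistent search connection against: LoadBalancer(Failover(AuthenticatedConnectionFactory("
        "HeartBeatConnectionFactory(LDAPConnectionFactory(%s)), SimpleBindRequest(...))))\n")
DJ = (HDR + "ERROR: An error occurred while executing persistent search"
      "org.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: "
      "Heartbeat timed out after 500 ms"
      "        at org.forgerock.opendj.ldap.HeartBeatConnectionFactory$1.run(HeartBeatConnectionFactory.java:1103)"
      + HDR + WRAP % "dj.example.com/192.0.2.10:1389")
AD = (HDR + "\nERROR: An error occurred while executing persistent search\n"
      "org.forgerock.opendj.ldap.TimeoutResultException: Client-Side Timeout\n"
      "\tat com.forgerock.opendj.ldap.TimeoutChecker$2.run(TimeoutChecker.java:92)\n"
      + HDR + "\n" + WRAP % "ad.example.com/192.0.2.20:389")
SAMPLE = DJ + AD + DJ

if __name__ == "__main__":
    for (target, (exc, msg)), n in restart_causes(SAMPLE).most_common():
        print(n, target, exc, msg)
```
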


3 comments:

  1. This is https://bugster.forgerock.org/jira/browse/OPENDJ-932 all over again. The fix resolved this problem for the standard psearch control, but this still happens for the "special" AD control.

  2. This issue should be fixed by now. See https://bugster.forgerock.org/jira/browse/OPENDJ-1249
