394 views

Description

The MID Server holds all LDAP changes until the listen interval has elapsed or all changes are verified. Once the LDAP Listener time expires or all changes are verified, the MID Server checks one more time whether the records exist before sending the changes to the instance. If a record has been renamed, moved or deleted by that time, the MID Server cannot find the record and the LDAP Listener goes to an infinite loop.

Steps to Reproduce

 

Setup

The setup for this issue is as follows:

  • An Istanbul Patch 6b instance with an LDAP Server record associated with an Active Directory LDAP server via a MID Server.
  • Make sure the LDAP Listener is up and running and set up to have a Listen interval value of 1.
  • Make sure the LDAP Server has an OU Definition that is reading from an OU (organizational unit) that has at least two OUs within.

For example:

  • LDAP Server Starting search directory: DC=cesarsandoval,DC=local
    LDAP OU Definition RDN: OU=servicenow
  • In Active Directory, OU=servicenow,DC=cesarsandoval,DC=local has two OUs "ouone" and "outwo"
  • In Active Directory, make sure you add one user record to "ouone"

Steps to reproduce

  1. Make a simple change to the user record to verify that the LDAP Listener picks up the change.

    Verify that the LDAP Listener is up and picking up changes.

  2. Several times in a short period, rename the record (changing the CN value) and move it to the other OU under OU=servicenow.

    The following error appears on MID Server wrapper log:

    *****
    2017/08/02 14:54:15 | Exception in thread "LDAP Transform42e755ce4f5483000b52f2718110c7e9" java.lang.ClassCastException: org.apache.xerces.dom.DocumentImpl cannot be cast to org.w3c.dom.Element
    2017/08/02 14:54:15 | at com.glide.util.XMLDocument.pop(XMLDocument.java:140)
    2017/08/02 14:54:15 | at com.service_now.mid.queue_worker.AWorker.pop(AWorker.java:472)
    2017/08/02 14:54:15 | at com.service_now.mid.probe.LDAPListenProbe.createECCQueueTargetElements(LDAPListenProbe.java:156)
    2017/08/02 14:54:15 | at com.service_now.mid.probe.LDAPListenProbe.enqueueChanges(LDAPListenProbe.java:101)
    2017/08/02 14:54:15 | at com.glide.sys.ldap.LDAPListenTransform.run(LDAPListenTransform.java:34)
    *****

    The following error appears on MID Server agent log:

    *****
    08/02/17 14:54:15 (165) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP API - LDAPLogger : LDAP Listener for Support Lab Windows VM at 10.14.48.154:Found total of 6 LDAP changes for 6 unique DNs. The changed DNs will be loaded and synced from LDAP.
    08/02/17 14:54:15 (165) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP resources released, waiting for data
    08/02/17 14:54:15 (509) LDAP Transform42e755ce4f5483000b52f2718110c7e9 WARNING *** WARNING *** LDAP API - LDAPLogger : [LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
    'OU=it,OU=servicenow,DC=cesarsandoval,DC=local'
    ]:[LDAP: error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
    'OU=it,OU=servicenow,DC=cesarsandoval,DC=local'
    ]
    08/02/17 14:54:20 (009) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP API - LDAPLogger : LDAP Listener for Support Lab Windows VM at 10.14.48.154:Notified and will transform change to CN=Dean Ambrose (0),OU=it,OU=servicenow,DC=cesarsandoval,DC=local
    08/02/17 14:54:24 (790) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP API - LDAPLogger : LDAP Listener for Support Lab Windows VM at 10.14.48.154:Notified and will transform change to CN=Dean Ambrose (0),OU=servicenow,DC=cesarsandoval,DC=local
    08/02/17 14:54:36 (118) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP API - LDAPLogger : LDAP Listener for Support Lab Windows VM at 10.14.48.154:Notified and will transform change to CN=Dean Ambrose (1),OU=servicenow,DC=cesarsandoval,DC=local
    08/02/17 14:54:41 (337) glide.ldap.listener-42e755ce4f5483000b52f2718110c7e9 LDAP API - LDAPLogger : LDAP Listener for Support Lab Windows VM at 10.14.48.154:Notified and will transform change to CN=Dean Ambrose (1),OU=hr,OU=servicenow,DC=cesarsandoval,DC=local
    08/02/17 14:54:54 (618) Worker-Standard:LDAPConnectionTesterProbe Worker starting: LDAPConnectionTesterProbe source: 42e755ce4f5483000b52f2718110c7e9
    *****

 

 

Workaround

Try the following workarounds:

  • To prevent the issue from happening, do not update LDAP server records twice in a short span of time. Wait for at least the Listener interval amount of time.

  • Reduce the LDAP Listener interval on the LDAP Server record to help the LDAP Listener to recover quickly after it stops.

  • Restart the MID Server.

  • Schedule multiple LDAP user bulk imports.


Related Problem: PRB1109691

Seen In

There is no data to report.

Fixed In

Jakarta Patch 9
Kingston

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-03-21 16:23:38
Published:2017-11-14