Failed to connect to LDAP server

By: James Annett user 22 Jun 2016 at 1:19 p.m. CDT

4 Responses
James Annett gravatar
I'm trying to get more information about why GLUU is unable to reach the LDAP server. As far as we are able to ascertain, the settings are correct. The stack trace is not descriptive so we are having difficulty troubleshooting the issue. ``` 2016-06-22 18:14:53,376 ERROR [org.gluu.oxtrust.action.ManagePersonAuthenticationAction] Could not connect to LDAP java.lang.NullPointerException at org.xdi.util.properties.FileConfiguration.getProperties(FileConfiguration.java:117) at org.gluu.oxtrust.action.ManagePersonAuthenticationAction.testLdapConnection(ManagePersonAuthenticationAction.java:251) at sun.reflect.GeneratedMethodAccessor927.invoke(Unknown Source) ```
U1404
closed

Answers

By Aliaksandr Samuseu staff 22 Jun 2016 at 1:28 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, James. Possible reasons: 1. You specified your server by DNS name in configuration, by it can't be resolved from within the container (try to add it to `/etc/hosts` there?) 2. Firewall issues on Gluu machine, at LDAP server, or between them 3. You specified Gluu should use LDAPS, but connecting to LDAP (without 'S') port of your backend, or vice-versa 4. We had a few intricate cases when LDAP backend had tightly configured security for connections, like, it didn't even allow anonymous connections to rootDSE object, preventing Gluu from reading general settings and list of supported auth. methods of backend. May it be your case? Regards, Alex.

By Aliaksandr Samuseu staff 22 Jun 2016 at 1:31 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Btw, could you elaborate under which circumstances this issue happens?

By James Annett user 22 Jun 2016 at 1:36 p.m. CDT

Copy
James Annett gravatar
This is when I click test LDAP connection under Manage Authentication. 1. Local DNS is specified in resolv.conf. I can confirm that this isn't the issue. 2. Not sure how to test this. I am able to connect to the LDAP from the command line of the chroot box using the ldapsearch command. 3. We tried both TLS and non-TLS. 4. I don't think so.

By Aliaksandr Samuseu staff 22 Jun 2016 at 1:51 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Oh, sorry. Don't mind it, the button isn't working atm, it's a known issue. I guess you are trying to switch to authentication against your backend, but reluctant to do so because of that? Atm I could recommend only to open a second browser (like, chrome if you are using firefox atm) and login to web UI with it too; then change auth-n method using your first browser, and log out from web UI there, to test whether it worked. This way you can always switch back to internal auth-n if something went wrong, using session that still exist at the 2nd browser. Sorry for inconvinience

Post an answer