Error message "[*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones" is seen in the TIBCO Spotfire server.log file while configuring LDAP Authentication

Error message "[*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones" is seen in the TIBCO Spotfire server.log file while configuring LDAP Authentication

book

Article ID: KB0072241

calendar_today

Updated On:

Products Versions
Spotfire Server All

Description

While configuring LDAP, you can get the following error message in server.log
=======================================

INFO 2021-10-29T19:41:17,364+0100 [*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones.NA.TIB.LOCAL:636
javax.naming.CommunicationException: DomainDnsZones.NA.TIB.LOCAL:636
        at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[?:?]
        at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) ~[?:?]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325) ~[?:?]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[?:?]
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189) ~[?:?]
        at    
……
……
……
 com.spotfire.server.userdir.ldap.LdapSynchronizer.synchronize(LdapSynchronizer.java:226) ~[spotfire-server.jar:?]
        at com.spotfire.server.userdir.ldap.LdapSynchronizer.lambda$new$0(LdapSynchronizer.java:126) ~[spotfire-server.jar:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[?:?]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[?:?]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[?:?]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
…….
…….
==================================================

Cause:

The Spotfire server contacts the domain controller via LDAP query. Every domain controller has information about the other domains in the forest in its Configuration container. When an operation in Active Directory requires action on objects that might exist in the forest but are not located in the particular domain that is stored on a domain controller, that domain controller must send the client a message that describes where to go to continue this action — that is, the client is "referred" to a domain controller that is presumed to hold the requested object.
Clients do not need to know the name or location of a child domain in order to contact a domain controller in that domain. They can query the root domain and reach the appropriate domain controller by being referred there.
 

Environment

ALL

Resolution

In order to avoid this error from occurring, you will have to point the LDAP URL to the global catalog. 

Issue/Introduction

Error message"[*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones" is seen in the server.log when an operation in Active Directory requires action on objects that might exist in the forest but are not located in the particular domain which is mentioned while configuring LDAP authentication .

Additional Information

External: LDAP Referrals:

External: Global Catalog and LDAP Searches:

TIBCO How to find a list of Global Catalog servers on your network

 

Powered by Wolken Software