Error message "[*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones" is seen in the TIBCO Spotfire server.log file while configuring LDAP Authentication
Article ID: KB0072241
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All |
Description
While configuring LDAP, you can get the following error message in server.log
=======================================
Cause:
The Spotfire server contacts the domain controller via LDAP query. Every domain controller has information about the other domains in the forest in its Configuration container. When an operation in Active Directory requires action on objects that might exist in the forest but are not located in the particular domain that is stored on a domain controller, that domain controller must send the client a message that describes where to go to continue this action — that is, the client is "referred" to a domain controller that is presumed to hold the requested object.
Clients do not need to know the name or location of a child domain in order to contact a domain controller in that domain. They can query the root domain and reach the appropriate domain controller by being referred there.
=======================================
INFO 2021-10-29T19:41:17,364+0100 [*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones.NA.TIB.LOCAL:636
javax.naming.CommunicationException: DomainDnsZones.NA.TIB.LOCAL:636
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[?:?]
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189) ~[?:?]
at
……
……
……
com.spotfire.server.userdir.ldap.LdapSynchronizer.synchronize(LdapSynchronizer.java:226) ~[spotfire-server.jar:?]
at com.spotfire.server.userdir.ldap.LdapSynchronizer.lambda$new$0(LdapSynchronizer.java:126) ~[spotfire-server.jar:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[?:?]
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[?:?]
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[?:?]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
…….
…….
==================================================javax.naming.CommunicationException: DomainDnsZones.NA.TIB.LOCAL:636
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) ~[?:?]
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreReferrals(AbstractLdapNamingEnumeration.java:325) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:227) ~[?:?]
at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189) ~[?:?]
at
……
……
……
com.spotfire.server.userdir.ldap.LdapSynchronizer.synchronize(LdapSynchronizer.java:226) ~[spotfire-server.jar:?]
at com.spotfire.server.userdir.ldap.LdapSynchronizer.lambda$new$0(LdapSynchronizer.java:126) ~[spotfire-server.jar:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[?:?]
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[?:?]
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[?:?]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
…….
…….
Cause:
The Spotfire server contacts the domain controller via LDAP query. Every domain controller has information about the other domains in the forest in its Configuration container. When an operation in Active Directory requires action on objects that might exist in the forest but are not located in the particular domain that is stored on a domain controller, that domain controller must send the client a message that describes where to go to continue this action — that is, the client is "referred" to a domain controller that is presumed to hold the requested object.
Clients do not need to know the name or location of a child domain in order to contact a domain controller in that domain. They can query the root domain and reach the appropriate domain controller by being referred there.
Issue/Introduction
Error message"[*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Ignored inaccessible referral: DomainDnsZones" is seen in the server.log when an operation in Active Directory requires action on objects that might exist in the forest but are not located in the particular domain which is mentioned while configuring LDAP authentication .
Environment
ALL
Resolution
In order to avoid this error from occurring, you will have to point the LDAP URL to the global catalog.
Additional Information
External: LDAP Referrals:
External: Global Catalog and LDAP Searches:
TIBCO How to find a list of Global Catalog servers on your networkFeedback
Yes
No
Powered by
