LDAP Listener issue

peterw
Kilo Contributor

Hi guys,

I have recently set up the LDAP server and integration and this works fine on the scheduled loads however, for some reason when I've activated the listener it does not seem to pick up any changes at all. I've looked in the logs but can see no entries for the listener (not even an error), in fact the only reason I can see that it is throwing an error is that the LDAP monitor displays the below from time to time:

Current status:     15/07/2015 14:59:18  Error
Last info message:  15/07/2015 14:59:18  Connection error. Waiting 64 seconds to retry
Last change:
Last error:         15/07/2015 14:59:18  LDAP response read timed out, timeout used: 300000000ms.

Has anyone seen this before? Is there something that needs to be configured on the AD server at all?

Many thanks,

PW


peterw
Kilo Contributor

Thanks again Darlene Wolf; weirdly, there is no error code to reference. Nothing is even showing in the System Logs. The majority of the time it seems that the status is Active too.


bernyalvarado
Mega Sage

Hi Peter, nothing needs to be done on the AD side for the listener to work. This capability is called ADNotify or Persistent Search, which AD has supported for many years already. Perhaps the only settings you need to check are the firewall rules of the network where the AD server resides. If you're using SSL then port 443 needs to be available.



If this doesn't work, my recommendation will then be to open a HI ticket.



I hope this is helpful!



Thanks,


Berny


Thanks Berny Alvarado, we'll log a HI ticket as I think we have completed everything we can on our side.



Thanks for the help guys.


You're welcome, Peter. Over time I have also learned that your internal setup, in combination with some of the settings, may have some effect. You may want to try a different setup to see if that makes a difference. For instance, you could choose to do your LDAP integration through a MID server. You could first try it without SSL and then you can try it without SSL.



I hope you're able to resolve this problem soon!



Please keep us posted on how it goes.



Thanks,


Berny


JBark
Tera Expert

One of the things we did in our initial configuration of LDAP was limiting the number of attributes that synced. We also limited the number of AD objects that synced. This was done as a best practice to only transmit the data needed for the function, but it also increases speed and reduces data transfer as a side benefit.



Your timeouts are HUGE, we're set at 60 with interval of 5 and have had minimal issues the last two years.