|Applies To||Access Manager 5.5.3, SunOne Directory Server 5.2|
|Issue||LDAP referral error in ClearTrust Debug Output|
The following error is shown in the aserver debug output:
15:24:50:302 [*] [MUXWORKER-12] - LDAPReferralRebind: binding to host: ldap.server.com with port: 389
A referral message is only generated by the LDAP server when a request is made for a specific LDAP DN and that DN does not exist on the LDAP server that was called. If referrals are enabled, the LDAP server should respond with a location that does contain the specified DN. A hop limit exceeded message means that all LDAP servers in the referral list were tried and none contained the specified DN. This error may also occur in situations where the specified DN was supposed to exist in the datastore but was missing, either because it was deleted or because a replication event failed to replicate the DN to the particular server.
Note that the LDAP exception is interpreted by the aserver as a failure of the LDAP datastore. If there are no fail-over LDAP connections defined, the connection will be abandoned. Since the aserver cannot return a result to the agent, this will cause the agent to time out as well. The agent will naturally fail over to an alternate aserver, but if all aservers are using the same datastore, no recovery is possible. The failure will present itself at the agents as a continuing series of fail-over events. Because the agents abandon connections, the aserver logs will also show a large number of "unable to send data to receiver" messages.
|Resolution||Ensure the LDAP datastore is not corrupted and the expected data structure still exists. This error may occur when one or more members of the LDAP replica are not replicating.|
|Legacy Article ID||a45044|
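
The following Python script is an added example, not part of the original article or the product. It scans aserver debug output for the referral rebind line quoted above and for the "unable to send data to receiver" message, then reports which worker threads show both. The sample log is constructed; the layout of the second message and the idea that one worker thread logs both messages are assumptions.

```python
import re
from collections import Counter

# Constructed sample of aserver debug output. The first line's format is taken
# from the article; the layout of the "unable to send data to receiver" lines
# is an assumption (only the message text appears in the article).
SAMPLE_LOG = """\
15:24:50:302 [*] [MUXWORKER-12] - LDAPReferralRebind: binding to host: ldap.server.com with port: 389
15:24:50:410 [*] [MUXWORKER-12] - LDAPReferralRebind: binding to host: ldap2.server.com with port: 389
15:24:51:007 [*] [MUXWORKER-07] - LDAPReferralRebind: binding to host: ldap.server.com with port: 389
15:25:20:115 [*] [MUXWORKER-12] - unable to send data to receiver
15:25:20:230 [*] [MUXWORKER-07] - unable to send data to receiver
15:25:21:000 [*] [MUXWORKER-03] - some unrelated debug message
"""

LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) \[.\] \[(?P<thread>[^\]]+)\] - (?P<msg>.*)$")
REBIND = re.compile(r"LDAPReferralRebind: binding to host: (?P<host>\S+) with port: (?P<port>\d+)")
ABANDONED = "unable to send data to receiver"


def triage(log_text):
    """Summarise referral rebinds and abandoned agent connections per worker thread."""
    rebinds = Counter()            # (host, port) -> number of referral rebinds
    rebind_threads = set()         # threads that followed at least one referral
    abandoned_threads = Counter()  # thread -> abandoned-connection messages
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines not in the expected debug format
        r = REBIND.search(m["msg"])
        if r:
            rebinds[(r["host"], int(r["port"]))] += 1
            rebind_threads.add(m["thread"])
        elif ABANDONED in m["msg"]:
            abandoned_threads[m["thread"]] += 1
    # Threads that chased a referral and also failed to answer the agent
    correlated = sorted(rebind_threads & set(abandoned_threads))
    return {
        "rebinds": dict(rebinds),
        "abandoned": sum(abandoned_threads.values()),
        "correlated_threads": correlated,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Referral targets that recur here are the replicas to check first for the missing DN or stalled replication described under Resolution.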