Login Failures Caused by LDAP Connection Timeouts

  • 15 December 2023

The Issue: 

 

You are experiencing intermittent login issues when LDAP is in use, even when passwords have not been changed. You may also notice the following errors in the logs: 

  • WARN JpaSecurityBackend - User ‘<username>’ failed to login: [SECURITY_34  - Invalid password]

  • ERROR BlockingConnectionPool ... {truncated} ... unable to connect to the ldap org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: … {truncated} ...  [Root exception is java.net.SocketTimeoutException: connect timed out]

The Solution: 

 

One potential cause of this issue is a socket timeout or network latency between Control Hub and the LDAP server. If you are using Control Hub On-premises, a few LDAP-related settings can be changed to remedy this. To change these settings:

 

  1. On the command line, navigate to the $DPM_CONF directory (usually in /etc) and open the security-app.properties file with a text editor. 
  2. Find the following two properties in the configuration file: 
    1. userGroupProvider.M.multi.L.ldap.connectionTimeoutMillis
    2. userGroupProvider.M.multi.L.ldap.responseTimeoutMillis
  3. The default value for both properties should be 5000 milliseconds. Increase them for now, perhaps to 10000.
  4. Save the changes and restart the DPM service. 


After making these changes, observe your environment to see if the issue persists. For more information regarding LDAP configuration in Control Hub, you can consult the documentation here.
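To help with that observation, the following added example (not part of the original article or of Control Hub) separates SECURITY_34 login failures that coincide with an LDAP connect timeout from those that do not, so the latter can be reviewed as possible genuine bad-password attempts. The timestamp prefix, the 30-second window and the sample lines are assumptions; only the message fragments come from the log excerpts above.

```python
import re
from datetime import datetime, timedelta

# Assumption: each record starts with "YYYY-MM-DD HH:MM:SS,mmm"; the article
# shows only the message text, so adjust TS to your actual log layout.
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} ")
LOGIN_FAIL = re.compile(
    r"WARN\s+JpaSecurityBackend - User\s+['‘](?P<user>[^'’]+)['’] "
    r"failed to login: \[SECURITY_34\b")
LDAP_TIMEOUT = re.compile(
    r"ERROR\s+BlockingConnectionPool\b.*SocketTimeoutException", re.DOTALL)

# Constructed sample lines (not taken from a real system).
SAMPLE = """\
2023-12-15 09:00:01,120 ERROR BlockingConnectionPool - unable to connect to the ldap
org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: ... [Root exception is java.net.SocketTimeoutException: connect timed out]
2023-12-15 09:00:01,450 WARN JpaSecurityBackend - User 'alice' failed to login: [SECURITY_34 - Invalid password]
2023-12-15 11:30:12,003 WARN JpaSecurityBackend - User 'bob' failed to login: [SECURITY_34 - Invalid password]
""".splitlines()

def read_records(lines):
    """Attach continuation lines (wrapped exceptions, stack traces) to their record."""
    records = []
    for line in lines:
        m = TS.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            records.append([ts, line])
        elif records:
            records[-1][1] += "\n" + line
    return records

def classify_failures(lines, window_seconds=30):
    """Label each SECURITY_34 failure 'ldap_timeout' if an LDAP connect timeout
    was logged within window_seconds of it, otherwise 'no_timeout_nearby'."""
    window = timedelta(seconds=window_seconds)
    records = read_records(lines)
    timeouts = [ts for ts, text in records if LDAP_TIMEOUT.search(text)]
    results = []
    for ts, text in records:
        m = LOGIN_FAIL.search(text)
        if m:
            near = any(abs(ts - t) <= window for t in timeouts)
            label = "ldap_timeout" if near else "no_timeout_nearby"
            results.append((ts, m.group("user"), label))
    return results

if __name__ == "__main__":
    for ts, user, cause in classify_failures(SAMPLE):
        print(ts, user, cause)
```

If failures labelled `ldap_timeout` disappear after raising the two timeout properties while `no_timeout_nearby` entries remain, treat the remaining ones as ordinary authentication failures rather than as part of this issue.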

