
LDAP connection closed unexpectedly

ad-connector

#1

I have an issue with the LDAP connection.

We have successfully established LDAP connectivity for testing; however, for an unknown reason it stops working after an hour, two hours, sometimes 4 hours (the connection is being closed).

Please find attached a screenshot presenting the issue on Auth0 configuration panel side.

We can observe the following on our server side (some fake accounts used in the log):

root@test:/opt/auth0-adldap# nohup node server.js > connector.log &

[2017-10-18 12:04:41] Reading CA certificates from OPENSSLDIR
[2017-10-18 12:04:42] Reading CA certificates from /usr/lib/ssl/certs
[2017-10-18 12:04:42] Adding 152 certificates
[2017-10-18 12:04:42] Loading settings from ticket: https://company.eu.auth0.com/p/ad/NghWiIHH/info
[2017-10-18 12:04:42] Local settings updated.
[2017-10-18 12:04:42] Certificates already exist, skipping certificate generation.
[2017-10-18 12:04:42] ESC[33mConfiguring connection LDAPtest.ESC[39m
[2017-10-18 12:04:42]  > Posting certificates and signInEndpoint: http://test:4000/wsfed
[2017-10-18 12:04:42] ESC[32mConnection LDAPtest configured.ESC[39m
[2017-10-18 12:04:42] Connector setup complete.
[2017-10-18 12:04:42] Cache enabled
[2017-10-18 12:04:42] Connecting to ESC[32mwss://company.eu.auth0.com/lo/hubESC[39m.
[2017-10-18 12:04:42] jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. (/opt/auth0-adldap/ws_validator.js:213:19)
Use "expiresIn" expressed in seconds.
[2017-10-18 12:04:42] ESC[34mauth0ESC[39m: Agent accepted.
[2017-10-18 12:04:43] latency test took avg: 88.15 ms, max: 104.73 ms, min: 79.54 ms
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Bind OK.
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Enrich profile.
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 12:06:25] ESC[34muser testuser@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Bind OK.
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Enrich profile.
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 13:47:30] ESC[34muser testuser@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser2@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Bind OK.
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Enrich profile.
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 14:58:09] ESC[34muser testuser2@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser2@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Bind OK.
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Enrich profile.
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 15:04:23] ESC[34muser testuser2@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 16:21:00] ESC[34mauth0ESC[39m: Connection closed.



#2

I took a quick look at the logs on the server side and could not find anything relevant, or at least anything different when compared to logs for working connections. It's strange that the situation is not consistent in the amount of time after which the connection close happens; however, did you check for any possible network inactivity timeout on the network where the AD connector runs that could explain this? In addition, you may also want to try running a modified version of the web socket connection script and try to obtain some additional information about the close event.
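
One way to test the inactivity-timeout question against `connector.log`, as an added example that is not part of any post in this thread and is not Auth0 connector code: it rejoins wrapped lines, strips the colour codes, and reports how long the log was silent before each "Connection closed" line. The helper names `parseLog` and `idleBeforeClose` are hypothetical, timestamps are assumed to share one time zone, and the sample is abridged from the log in post #1.

```javascript
// Added example (not Auth0 connector code). parseLog and idleBeforeClose are
// hypothetical helper names.
const ANSI = /(?:\x1b|ESC)\[[0-9;]*m/g; // colour codes, raw or rendered as "ESC"
const STAMP = /^\[(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\] ?(.*)$/;

// Turn connector.log text into [{ time, msg }], rejoining wrapped lines.
function parseLog(text) {
  const entries = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(ANSI, '').trim();
    if (!line) continue;
    const m = STAMP.exec(line);
    if (m) {
      // Assumption: the log carries no zone, so read it as UTC; only differences are used.
      entries.push({ time: Date.parse(`${m[1]}T${m[2]}Z`), msg: m[3] });
    } else if (entries.length) {
      const prev = entries[entries.length - 1];
      prev.msg = `${prev.msg} ${line}`.trim();
    }
  }
  return entries;
}

// For every "Connection closed" entry, report seconds since the previous
// logged line and seconds since the last "Agent accepted".
function idleBeforeClose(entries) {
  const closes = [];
  let accepted = null;
  let previous = null;
  for (const e of entries) {
    if (/Agent accepted/.test(e.msg)) accepted = e.time;
    if (/Connection closed/.test(e.msg) && previous !== null) {
      closes.push({
        closedAt: new Date(e.time).toISOString(),
        idleSeconds: (e.time - previous) / 1000,
        uptimeSeconds: accepted === null ? null : (e.time - accepted) / 1000,
      });
    }
    previous = e.time;
  }
  return closes;
}

// Sample abridged from the log in post #1 (wrapped line and ESC codes kept).
const SAMPLE = [
  '[2017-10-18 12:04:42] ESC[34mauth0ESC[39m: Agent accepted.',
  '[2017-10-18 15:04:23] ESC[34muser',
  'testuser2@test.company.com:ESC[39m Authentication succeeded.',
  '[2017-10-18 16:21:00] ESC[34mauth0ESC[39m: Connection closed.',
].join('\n');

console.log(idleBeforeClose(parseLog(SAMPLE)));
```

The log records only logged connector activity, so `idleSeconds` is time since the last logged line, not since the last packet on the socket; comparing it across several close events shows whether the closures follow a fixed quiet period.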


#3

Hi,

Thanks a lot for your feedback. We are already using the modified web socket connection script with no luck.

Can you tell me how to obtain the additional close event information?

Regards,
Mariusz


#4