LDAP connection closed unexpectedly

mariusz.kowalik · October 24, 2017, 3:45am

I have an issue with LDAP connection.

We have successfully established LDAP connectivity for testing, however for unknown reason it stops working after an hour, two hours , sometimes 4 hours (connection is being closed.)

Please find attached a screenshot presenting the issue on Auth0 configuration panel side.

We can observe the following on our server side (some fake accounts used in the log):

root@test:/opt/auth0-adldap# nohup node server.js > connector.log &

[2017-10-18 12:04:41] Reading CA certificates from OPENSSLDIR
[2017-10-18 12:04:42] Reading CA certificates from /usr/lib/ssl/certs
[2017-10-18 12:04:42] Adding 152 certificates
[2017-10-18 12:04:42] Loading settings from ticket:
https://company.eu.auth0.com/p/ad/NghWiIHH/info
[2017-10-18 12:04:42] Local settings updated.
[2017-10-18 12:04:42] Certificates already exist, skipping certificate generation.
[2017-10-18 12:04:42] ESC[33mConfiguring connection LDAPtest.ESC[39m
[2017-10-18 12:04:42]  > Posting certificates and signInEndpoint:
http://test:4000/wsfed
[2017-10-18 12:04:42] ESC[32mConnection LDAPtest configured.ESC[39m
[2017-10-18 12:04:42] Connector setup complete.
[2017-10-18 12:04:42] Cache enabled
[2017-10-18 12:04:42] Connecting to
ESC[32mwss://company.eu.auth0.com/lo/hubESC[39m.
[2017-10-18 12:04:42] jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. (/opt/auth0-adldap/ws_validator.js:213:19)
Use "expiresIn" expressed in seconds.
[2017-10-18 12:04:42] ESC[34mauth0ESC[39m: Agent accepted.
[2017-10-18 12:04:43] latency test took avg: 88.15 ms, max: 104.73 ms,
min: 79.54 ms
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Bind OK.
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Enrich profile.
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 12:06:25] ESC[34muser
testuser@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Bind OK.
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Enrich profile.
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 13:47:30] ESC[34muser
testuser@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser2@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Bind OK.
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Enrich profile.
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 14:58:09] ESC[34muser
testuser2@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Starting authentication attempt.
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Bind with DN "ESC[32mcn=testuser2@test.company.com,ou=people,dc=test,dc=company,dc=comESC[39m"
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Bind OK.
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Enrich profile.
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Enrich profile OK.
[2017-10-18 15:04:23] ESC[34muser
testuser2@test.company.com:ESC[39m Authentication succeeded.
[2017-10-18 16:21:00] ESC[34mauth0ESC[39m: Connection closed.

![alt text][1]

jmangelo · October 24, 2017, 10:32pm

I took a quick look at logs in the server-side and could not find anything of relevant or at least something different when compared to logs for working connections. It’s strange that the situation is not consistent in the amount of time after which the connection close happens, however, did you check for any possible network inactivity timeout on the network where the AD connector runs that could explain this? In addition, you may also want to try running a modified version of the web socket connection script and try to obtain some additional information about the close event.

mariusz.kowalik · October 26, 2017, 8:49pm

Hi,

Thanks a lot for your feedback. We are already using the modified web socket connection script with no luck.

Can you tell how to obtain the additional close event information?

Regards,
Mariusz

Topic		Replies	Views
AD LDAP Connector - error testing LDAP connectivity Help error , ldap , ad-ldap-connector	1	4011	April 28, 2020
LDAP connector and auth failure Help ad-ldap-connector	4	3140	July 29, 2021
LDAP Connector is Offline Knowledge Articles certificate , ldap , ad-ldap-connector	1	19	September 19, 2024
Connector monitoring showing intermittent offline Help offline , ad-ldap-connector	2	3853	December 24, 2018
LDAP connector is reporting "certificate has expired" Help organizations-directory-authorization , directory-authorization	1	1034	July 25, 2023

LDAP connection closed unexpectedly

Related Topics