In my CA API Gateway 9.1, I am seeing these errors, and as a result a few users are unable to get authenticated:
2018-07-13T12:36:41.117+1000 WARNING 314 com.l7tech.server.identity.ldap.LdapUserManagerImpl: LDAP error: Could not establish context on any of the ldap urls.
2018-07-13T12:36:41.118+1000 INFO 314 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: could not verify identity provider ID 15f0d27b8402c405c72f68ce5d489bb9 with credentials from <username>
Can you please help?
Looking at the "Could not establish context on any of the ldap urls", I think your LDAP connectivity is failing.
Thanks for your response.
The issue is being faced by a few users only; the rest of them are able to authenticate.
As only a few users are seeing this problem, it could be related to a few areas, including referrals and/or large group memberships.
By default the gateway will follow referrals, which can cause issues if the directory environment is being searched for the top level but all the users are expected in the local environment. You can disable this by setting the cluster-wide property ldap.referral to ignore.
The large group membership is controlled through the cluster-wide property ldap.group.searchMaxResults, which in later versions is set to 1000, but you may need to increase it. Lastly, I would also look at the nesting setting in the LDAP Provider on the Advanced Configuration page, as the nesting may be too deep, so look to set this to 1.
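
To see which accounts are actually affected before changing ldap.referral or ldap.group.searchMaxResults, this added example (not part of the thread and not CA code) tallies failed authentications per user and marks the ones that directly follow the LDAP context error. It assumes the third log field is a thread id; the user names and every log line beyond the two quoted in the question are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the two log lines quoted in the question.
# User names (alice, bob, carol), thread ids 207/315 and later timestamps are made up.
SAMPLE_LOG = """\
2018-07-13T12:36:41.117+1000 WARNING 314 com.l7tech.server.identity.ldap.LdapUserManagerImpl: LDAP error: Could not establish context on any of the ldap urls.
2018-07-13T12:36:41.118+1000 INFO 314 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: could not verify identity provider ID 15f0d27b8402c405c72f68ce5d489bb9 with credentials from alice
2018-07-13T12:36:52.004+1000 INFO 207 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: could not verify identity provider ID 15f0d27b8402c405c72f68ce5d489bb9 with credentials from bob
2018-07-13T12:37:05.310+1000 WARNING 314 com.l7tech.server.identity.ldap.LdapUserManagerImpl: LDAP error: Could not establish context on any of the ldap urls.
2018-07-13T12:37:05.311+1000 INFO 314 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: could not verify identity provider ID 15f0d27b8402c405c72f68ce5d489bb9 with credentials from alice
2018-07-13T12:37:05.312+1000 INFO 315 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion: could not verify identity provider ID 15f0d27b8402c405c72f68ce5d489bb9 with credentials from carol
"""

# timestamp, level, thread id (assumption), logger, message
LINE = re.compile(r"^(\S+) (\w+) (\d+) ([\w.$]+): (.*)$")
AUTH_FAIL = re.compile(r"could not verify identity provider ID (\w+) with credentials from (\S+)")
LDAP_CTX = "Could not establish context on any of the ldap urls"

def triage(log_text, window=timedelta(seconds=1)):
    """Return {user: {"ldap_context": n, "other": n}} for failed authentications."""
    last_ctx_error = {}  # thread id -> time of the latest LDAP context error
    result = defaultdict(lambda: {"ldap_context": 0, "other": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, stack traces, continuation lines
        ts_text, _level, thread, _logger, msg = m.groups()
        ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%S.%f%z")
        if LDAP_CTX in msg:
            last_ctx_error[thread] = ts
            continue
        fail = AUTH_FAIL.search(msg)
        if fail:
            seen = last_ctx_error.get(thread)
            # Attribute the failure to LDAP only if the same thread logged
            # the context error within the window just before it.
            linked = seen is not None and timedelta(0) <= ts - seen <= window
            result[fail.group(2)]["ldap_context" if linked else "other"] += 1
    return dict(result)

if __name__ == "__main__":
    for user, counts in sorted(triage(SAMPLE_LOG).items()):
        print(user, counts)
```

Users that only ever appear under ldap_context are the ones to check for referrals, large group memberships or deep nesting; failures counted as other were not preceded by the context error on the same thread.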