Layer7 API Management

  • 1.  Could Not establish context with LDAP

    Posted 02-01-2019 12:17 PM

    HI All,

    We have 2 CA API Gateway AMI's deployed in AWS.They are connected to to single aws multi-az database.They both are in sync.There are some 7 policies exist in the gateways and from the last 1 year everything is working fine.Last month we created one service which connects with LDAP to search users.So we have done ldap configuration and everything is working fine.But it suddenly from last days appliaction users are unable to authenticate aganist LDAP.

    So when we checked in the logs we have found the error unable to establish the context on any LDAP url's connect timed out.

    First we thought it was networking issue.So I logged into ssh and checked network connection it is fine.After that with ldap parameters I have given ldapsearch in ssh it is able to retrieve users.So it is clearly not network issue.

    When I tried to test the ldap cofiguration on policy manager.It throws error saying "unable to establish context on any of ldap url's with values".As the issue is very critical .I stopped and started the 1st node it started working.And for 2nd node also I have done the same.It started working.But we have no clue what exactly happened.Can somebody help on this.

     

    CA API Gateway version : 9.3

    OS : Centos

    Deployment AWS AMI.



  • 2.  Re: Could Not establish context with LDAP

    Broadcom Employee
    Posted 02-03-2019 06:36 PM

    Is the LDAP server running on vmware and has vmotion enabled?

    Just a guess, or a possibility, as the ldap connection will use a connection pool, if the ldap sever migrated due to vmotion, the connection context could not be valid anymore. re-initialize the connection will resolve the problem.

    The symptom is likely match the above scenario.