Well the message is saying there is some kind of malformed URI or LDAP query string.
I would guess it's not a URI, since you "appear" to be able to contact the data source, so that leaves the LDAP query string to investigate.
Pretty mysterious and "magical" that things were working and the suddenly, without any changes, started breaking, right?
Anyway, I would suggest you get a support ticket opened if you haven't already done so: Looks like you have verified all the quick/easy stuff to check, so it's time to call in the big guns.
Support will help you narrow it down:
- is it a specific query that is failing, or something more general (likely some specific record or server, since the test screens appear to be working fine).
- maybe you didn't apply any maintenance to the LDAP source, but are there any embedded "re-directs" that "used to work"?
In this case I'm not referring the HTTP re-directs but records within one LDAP source that contain "referrals" to other LDAP sources or other places within the
DIT. If you have some recently added records with "bad" or "stale" data, it would lead to these kinds of symptoms.
BTHW: doing a Google search for 'LDAP and 800402' gave the following result:
https://knowledge.broadcom.com/external/article/162307/cant-search-ldap-data-source-for-detaile.htmlWhich seems to match what I'm talking about above: invalid data within the DIT.
Up to you, but since support would probably ask you for it anyway, you might want to go ahead and run some of your own ldapsearch (or whatever tool you like) queries against your data source to ensure you don't have improperly formatted records in there.
Original Message:
Sent: 08-20-2020 12:53 PM
From: Srikanth A
Subject: Directory data service errors
HI Thomas,
Thank you for your reply.
Sounds like somebody changed something about your LDAP source out from under you.
(Applied maintenance? re-ip'd? installed a new certificate? implemented a fw rule? something else??)
We haven't done any changes in any of the specified things
Have you gone to the control center and verified your ability to contact and bind with the LDAP server?
Yes, we are able to contact and bind with LDAP server without any problem. Please find the screen shot for your reference.
This really sounds like an inability to bind to the configured LDAP source(s), but while you are there, it wouldn't hurt to run a couple of sample queries to check that your query string returns the expected results
Yes, any query returns expected results (Recipient validation, authentication, address resolution etc)
Really I don't understand, even after all these are working then we there is an error notification about directory data service.
Regards,
Srikanth A
+91 40 23555945 Ext:251
Original Message:
Sent: 8/20/2020 11:17:00 AM
From: tpa
Subject: RE: Directory data service errors
Sounds like somebody changed something about your LDAP source out from under you.
(Applied maintenance? re-ip'd? installed a new certificate? implemented a fw rule? something else??)
Have you gone to the control center and verified your ability to contact and bind with the LDAP server?
This really sounds like an inability to bind to the configured LDAP source(s), but while you are there, it wouldn't hurt to run a couple of sample queries to check that your query string returns the expected results.
Original Message:
Sent: 8/20/2020 2:11:00 AM
From: Srikanth A
Subject: Directory data service errors
Hi,
We are receiving thousands of Directory data service errors from morning. When we check the logs in SMG we can see below errors in throusands.
Could someone please help on this.
| Date: | Thursday, Aug 20, 2020 11:38:06 AM IST |
| Severity: | Error |
| Host: | Local_Scanner2 |
| Log type: | Brightmail Engine |
| Description: |  DDS client: XML-RPC call returned fault 800402 - Permanent failure while attempting to search data source: imidomain directory Reason: Lexical error at line 1, column 17. Encountered: "\\" (92), after : "" |
| Date: | Thursday, Aug 20, 2020 11:37:49 AM IST |
| Severity: | Error |
| Host: | Local_Scanner1 |
| Log type: | MTA |
| Description: | Integration protocol error: bmiEndMessage failed. Error is: SMG: fatal server error: other |